Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

【Nessus】SSH Weak Algorithms Supported 等

wpadmin~September 8, 2019 /System Management

【Nessus】SSH Weak Algorithms Supported 等

<!–more–>

相关问题

1 SSH Server CBC Mode Ciphers Enabled
2 SSH Weak MAC Algorithms Enabled
3 SSH Weak Algorithms Supported

修复方案

1 编辑 sshd 配置文件 /etc/ssh/sshd_config
2 默认情况

# default is aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
# aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
# aes256-cbc,arcfour
# default is hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96

建议修改为

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs umac-64@openssh.com,hmac-ripemd160

建议先在虚拟机上测试一下,修改配置后能否重新连接 ssh 。

之后重启 ssh 服务

systemctl restart sshd

参考资料

https://developer.ibm.com/answers/questions/187318/faq-how-do-i-disable-cipher-block-chaining-cbc-mod/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.