2024/06/12

This vulnerability scan reported the following two medium-risk findings for SSH.


The remote SSH server is configured to allow / support weak key exchange (KEX) algorithm(s).

Detection Result

The remote SSH server supports the following weak KEX algorithm(s):

KEX algorithm                      | Reason
------------------------------------------------
diffie-hellman-group-exchange-sha1 | Using SHA-1




The remote SSH server is configured to allow / support weak encryption algorithm(s).

Detection Result

The remote SSH server supports the following weak client-to-server encryption algorithm(s):

aes128-cbc
aes256-cbc

The fix is to add the following two lines to /etc/ssh/sshd_config:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1

Then restart the SSH daemon.
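
As an added example (not part of the original post), this script checks the effective configuration printed by `sshd -T` for the algorithms the scan flagged. The function names and the two sample excerpts are constructed for illustration, and `sha1_kex` goes beyond the scan's list by reporting any enabled KEX whose name ends in `-sha1`.

```shell
#!/bin/sh
# Added example: audit `sshd -T` output for the algorithms the scan flagged.
FLAGGED_KEX="diffie-hellman-group-exchange-sha1"   # from the scan report
FLAGGED_CIPHERS="aes128-cbc aes256-cbc"            # from the scan report

# enabled_algs KEYWORD CONFIG_TEXT: print KEYWORD's list, one name per line.
# `sshd -T` prints lowercase keywords, e.g. "ciphers a,b,c".
enabled_algs() {
    printf '%s\n' "$2" | awk -v k="$1" '$1 == k { print $2 }' | tr ',' '\n'
}

# still_flagged KEYWORD "ALG ALG ..." CONFIG_TEXT
# Print each listed algorithm that is still enabled (exact-name match).
still_flagged() {
    enabled=$(enabled_algs "$1" "$3")
    for alg in $2; do
        if printf '%s\n' "$enabled" | grep -qxF -- "$alg"; then
            printf '%s\n' "$alg"
        fi
    done
}

# sha1_kex CONFIG_TEXT: beyond the scan's list, any KEX name ending in -sha1.
sha1_kex() {
    enabled_algs kexalgorithms "$1" | grep -- '-sha1$' || true
}

# audit CONFIG_TEXT: status 0 only if nothing the scan flagged is enabled.
audit() {
    found=$(still_flagged kexalgorithms "$FLAGGED_KEX" "$1"
            still_flagged ciphers "$FLAGGED_CIPHERS" "$1")
    [ -z "$found" ]
}

# Constructed sample: effective-config excerpt before the change.
BEFORE='ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes256-cbc
kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1'

# Constructed sample: excerpt with the two lines from this page applied.
AFTER='ciphers aes128-ctr,aes192-ctr,aes256-ctr
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1'

# On a real host (as root): sshd -t && audit "$(sshd -T)" && echo "findings cleared"
```

With the two lines from this page applied, `audit` succeeds, but `sha1_kex` still prints `diffie-hellman-group14-sha1`, which this scan did not flag and which also uses SHA-1.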


