Vulnerability Detection Result
The remote SSH server supports the following weak KEX algorithm(s):
KEX algorithm | Reason
------------------------------------------------
diffie-hellman-group-exchange-sha1 | Using SHA-1
明明之前就修過也驗証了
到底是那裡有問題
只能猜想有沒有可能是某次更新又自己加回去
這次換個方法修
update-crypto-policies --set DEFAULT:DISABLE-CBC:NO-SHA1
檢查一次
ssh -o KexAlgorithms=diffie-hellman-group-exchange-sha1 10.0.0.1
Unable to negotiate with 10.0.0.1 port 22: no matching key exchange method found. Their offer: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,kex-strict-s-v00@openssh.com
希望之後不會再出現了
沒有留言:
張貼留言