Our security scanner Qualys reported the vulnerability “Deprecated SSH Cryptographic Settings”.
The scan report provided a description of the threat posed by the vulnerability, a recommendation for correcting the problem, and the result, which shows how Qualys verified the vulnerability.
Vulnerability: Deprecated SSH Cryptographic Settings
QID: 38739
THREAT: The SSH protocol (Secure Shell) is a method for secure remote login from one computer to another. The target is using deprecated SSH cryptographic settings to communicate.
IMPACT: A man-in-the-middle attacker may be able to exploit this vulnerability to record the communication to decrypt the session key and even the messages.
SOLUTION: Avoid using deprecated cryptographic settings. Use best practices when configuring SSH.
I tried the solution at this page, but adding these entries to /etc/ssh/sshd_config caused an error.
Any suggestions?
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],aes25[email protected],[email protected]
Kexalgorithms diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,[email protected],gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-
Deprecated SSH Cryptographic Settings - #!LinuxMinion
Our security scanner Qualys reported the vulnerability “Deprecated SSH Cryptographic Settings” across RHEL6 & RHEL7 fleet servers. The scan report provided description of the threat posed by the vulnerability, recommendation for correcting the problem and the result which shows how Qualys...
www.linuxminion.com
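An added example, not part of the original post or the linked page: a shell function that reads the Ciphers and KexAlgorithms lines of an sshd_config and separates entries commonly treated as deprecated from the rest. It assumes that CBC-mode ciphers and SHA-1 based key exchanges are the deprecated entries (the post does not list what the scanner matched); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: CBC-mode ciphers and SHA-1 based key exchanges are the
# entries treated as deprecated; adjust the patterns to your scanner's list.

# audit_sshd_crypto FILE
# Prints "DEPRECATED <keyword> <algorithm>" for each flagged entry and
# "KEEP <keyword> <list>" with what remains. Handles "Keyword value"
# lines only (not the "Keyword=value" form).
audit_sshd_crypto() {
    awk '
        /^[[:space:]]*#/ { next }            # skip comment lines
        {
            kw = tolower($1)                 # sshd keywords are case-insensitive
            if (kw != "ciphers" && kw != "kexalgorithms") next
            keep = ""
            n = split($2, alg, ",")
            for (i = 1; i <= n; i++) {
                a = alg[i]
                if (a == "") continue
                if (kw == "ciphers") bad = (a ~ /-cbc$/ || a ~ /-cbc@/)
                else                 bad = (a ~ /sha1/)
                if (bad) print "DEPRECATED", kw, a
                else keep = (keep == "" ? a : (keep "," a))
            }
            print "KEEP", kw, keep
        }
    ' "$1"
}

# Constructed sample using algorithm names from the post's two lines
# (the e-mail-obfuscated entries are left out).
run_sample() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample sshd_config fragment
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
Kexalgorithms diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256
EOF
    audit_sshd_crypto "$tmp"
    rm -f "$tmp"
}

# With a path argument, audit that file; otherwise run the sample.
if [ "$#" -gt 0 ]; then audit_sshd_crypto "$1"; else run_sample; fi
```

Before restarting the daemon with an edited list, `sshd -t` checks the configuration file for errors, and on OpenSSH versions that support it `ssh -Q cipher` and `ssh -Q kex` list the algorithm names the installed build accepts.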