how to disallow weak algorithms from ssh
robert
robert at redcor.ch
Sun Aug 6 14:44:21 UTC 2017
|
|
|hi ther,|
|I had one of my servers tested using https://sshcheck.com
|
it did point me to the following week algorithms that the server seams
to allow.
Where can I disallow them?
thanks
robert
|diffie-hellman-group14-sha1|
Diffie-Hellman with 2048-bit Oakley Group 14 with SHA-1 hash
<https://tools.ietf.org/html/rfc4253>
Oakley Group 14 should be secure for now. SHA-1 is becoming obsolete,
consider using SHA-256 version. Weak
|umac-64-etm at openssh.com|
64-bit UMAC (Universal Hashing MAC) (Encrypt-then-MAC) by OpenSSH
<https://tools.ietf.org/html/draft-miller-secsh-umac-01>
64-bit UMAC is no longer considered secure enough. Recommended tag size
should be at least 128 bits. Weak
|hmac-sha1-etm at openssh.com|
Hash-based MAC using SHA-1 (Encrypt-then-MAC) by OpenSSH
SHA-1 is becoming deprecated - consider replacing with SHA-256 or
SHA-512. Weak
|umac-64 at openssh.com|
64-bit UMAC (Universal Hashing MAC) by OpenSSH
<https://tools.ietf.org/html/draft-miller-secsh-umac-01>
64-bit UMAC is no longer considered secure enough. Weak
|hmac-sha1|
Hash-based MAC using SHA-1 <https://tools.ietf.org/html/rfc4253>
SHA-1 is becoming deprecated - consider replacing with SHA-256 or
SHA-512. Weak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20170806/39eff4b0/attachment.html>
More information about the ubuntu-users
mailing list