Because the project had to pass a security acceptance scan, a security company scanned the host and reported the following encryption vulnerability in sshd:
SSH Server CBC Mode Ciphers Enabled
Warning: check the status of sshd after restarting it.
The summary, description and solution for this finding are at:
https://www.tenable.com/plugins/nessus/70658
1. Modify the encryption method
[root@localhost ~]# vim /etc/ssh/sshd_config
Comment out the related fields under:
# Ciphers and keying
Add the ciphers and MACs at the end of the file:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
Macs hmac-sha1,hmac-ripemd160
2. Restart the service after saving
[root@localhost ~]# systemctl restart sshd
3. SSH verification
[root@localhost ~]# ssh -vv -oCiphers=aes128-cbc,3des-cbc,blowfish-cbc target IP
[root@localhost ~]# ssh -vv -oMACs=hmac-md5 target IP
4. Nmap verification
nmap --script ssh2-enum-algos -sV -p 22 target IP
Results
Unable to negotiate with 127.0.0.1 port 22: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
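A file-level check to go with the ssh and nmap verification above, as an added example that is not part of the original post: it lists any CBC-mode ciphers that the explicit Ciphers line in an sshd_config still enables. The function names and the sample config contents are constructed for illustration, and it assumes whitespace-separated "keyword value" lines.

```shell
#!/bin/sh
# Added example (not from the original post): report CBC-mode ciphers that an
# sshd_config file still enables. File contents below are constructed samples.

# Value of the first uncommented "<keyword> <value>" line. sshd keeps the first
# value it reads for a keyword, so later duplicates are ignored.
first_directive() {  # $1 = keyword, $2 = config file
    awk -v kw="$1" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(kw) { print $2; exit }
    ' "$2"
}

# Print each CBC cipher in the explicit Ciphers list, one per line.
# Status: 0 = none, 1 = CBC enabled, 2 = no explicit list (defaults or +/-/^ modifier).
cbc_ciphers() {  # $1 = config file
    list=$(first_directive Ciphers "$1")
    case "$list" in
        '' | [+^-]*) return 2 ;;
    esac
    found=$(printf '%s\n' "$list" | tr ',' '\n' | grep -e '-cbc' || true)
    [ -n "$found" ] || return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample configs: one before the change, one after it, one untouched.
write_samples() {  # $1 = directory
    printf '%s\n' '# Ciphers and keying' \
        'Ciphers aes128-ctr,aes128-cbc,3des-cbc' > "$1/before.conf"
    printf '%s\n' '#Ciphers aes128-cbc' \
        'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour' \
        'Macs hmac-sha1,hmac-ripemd160' > "$1/after.conf"
    printf '%s\n' '# Ciphers and keying' > "$1/default.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in before after default; do
    rc=0
    out=$(cbc_ciphers "$dir/$f.conf") || rc=$?
    echo "$f.conf: status=$rc cbc=[$(echo $out)]"
done
rm -rf "$dir"
```

Status 2 means the file alone does not decide the cipher list; on a live host, `sshd -T` prints the effective configuration including defaults. The arcfour entries in the list above are RC4, which RFC 8758 deprecates for SSH, so they are worth reviewing separately from the CBC finding.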