27 April 2016

Recently my workstation was scanned for vulnerabilities and the Nessus scanning software reported a medium vulnerability of “SSH Weak Algorithms Supported”. The Vulnerability report had few details. Luckily I was able to find the folowing resources.

Add the following snippet to the end of your ssh_config file to disable the weak algorithms.

/etc/ssh/ssh_config


...
Protocol 2

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 

MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
...