27 April 2016

Fedora 27: Weak SSH Algorithms Supported

Recently my workstation was scanned for vulnerabilities and the Nessus scanning software reported a medium vulnerability of “SSH Weak Algorithms Supported”. The Vulnerability report had few details. Luckily I was able to find the folowing resources.

Add the following snippet to the end of your ssh_config file to disable the weak algorithms.

/etc/ssh/ssh_config

...
Protocol 2

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 

MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
...
tags: fedora - nessus - cbc - cipher block chaining - ssh - weak - algorithm

Less Is More