Open mykaul opened 1 year ago
To respond to vulnerability scanning:
key exchange - diffie-hellman-group1-sha1, cipher - blowfish-cbc, cipher - cast128-cbc, cipher -3des-cbc
Need to have in /etc/ssh/sshd_config :
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com macs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
(Need to test on Ubuntu, copied from my Fedora!)
CC @yaronkaikov
mykaul
commented
4 months ago mykaul
commented
4 months ago
To respond to vulnerability scanning:
Need to have in /etc/ssh/sshd_config :
(Need to test on Ubuntu, copied from my Fedora!)