Forum Stats

  • 3,816,616 Users
  • 2,259,214 Discussions
  • 7,893,519 Comments

Discussions

SShd_Config File issue

User_3NF63
User_3NF63 Member Posts: 2 Green Ribbon

Hello Team,


Could you please provide the assistance below the questions?

1) SSH Server CBC Mode Ciphers Enabled (70658)

2) SSH Weak Key Exchange Algorithms Enabled (153953)

Comments

  • Nik
    Nik Blocked Member Posts: 2,879 Bronze Crown

    Hmm. Is it mystery ?

    What the magic numbers ?

    What version of Oracle Linux You use and what problem you have ?


    Regards,

    Nik

  • User_3NF63
    User_3NF63 Member Posts: 2 Green Ribbon

    I am using the oracle 8.5 version. we have got below the Nessus scan finding.


    1) SSH Server CBC Mode Ciphers Enabled (70658)


    2) SSH Weak Key Exchange Algorithms Enabled (153953)

  • user10174131
    user10174131 Member Posts: 35 Blue Ribbon
    edited Apr 25, 2022 6:40PM

    kex and symmetric ciphers are configured with the crypto-policies packages.

    If you run "man 5 update-crypto-policies" you will see that, in addition to OpenSSH, this can be used to remove CBC and weak key exchange from GnuTLS, OpenSSL, NSS, OpenJDK, Libkrb5, Libreswan, and libssh.

    If you select the FUTURE policy shown in "man crypto-policies" you will at least remove CBC (as it is not in TLS1.2).