Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 63 Insurance
- 535.7K On-Premises Infrastructure
- 138.1K Analytics Software
- 38.6K Application Development Software
- 5.6K Cloud Platform
- 109.3K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71K Infrastructure Software
- 105.2K Integration
- 41.5K Security Software
SShd_Config File issue
Hello Team,
Could you please provide the assistance below the questions?
1) SSH Server CBC Mode Ciphers Enabled (70658)
2) SSH Weak Key Exchange Algorithms Enabled (153953)
Comments
-
Hmm. Is it mystery ?
What the magic numbers ?
What version of Oracle Linux You use and what problem you have ?
Regards,
Nik
-
I am using the oracle 8.5 version. we have got below the Nessus scan finding.
1) SSH Server CBC Mode Ciphers Enabled (70658)
2) SSH Weak Key Exchange Algorithms Enabled (153953)
-
kex and symmetric ciphers are configured with the crypto-policies packages.
If you run "man 5 update-crypto-policies" you will see that, in addition to OpenSSH, this can be used to remove CBC and weak key exchange from GnuTLS, OpenSSL, NSS, OpenJDK, Libkrb5, Libreswan, and libssh.
If you select the FUTURE policy shown in "man crypto-policies" you will at least remove CBC (as it is not in TLS1.2).