[Nessus] SSH Weak MAC Algorithms Enabled
Enviado: 17 Fev 2016 20:44
Description
Description
The SSH server is configured to allow either MD5 or 96-bit MAC algorithms,
both of which are considered weak. Note that this plugin only checks for the options
of the SSH server and does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Resolução do problema base CentOS / Red Hat Linux
Editar o /etc/ssh/sshd_config e adicionar:
Description
The SSH server is configured to allow either MD5 or 96-bit MAC algorithms,
both of which are considered weak. Note that this plugin only checks for the options
of the SSH server and does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Resolução do problema base CentOS / Red Hat Linux
Editar o /etc/ssh/sshd_config e adicionar:
Código: Selecionar todos
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,hmac-ripemd160Código: Selecionar todos
/etc/init.d/sshd reload
/etc/init.d/sshd restart