Professional Documents
Culture Documents
Sign in / Register
dW Answers
Search
Tags
Spaces
More
Ask a question
Search tips
P DO A
SSH
CI P HE RS
CBC
S S HD_ CO NFI G
Follow this
question
Follow
25 people are following this
question.
You may have run a security scan or your auditor may have highlighted
the following SSH vulnerabilities and you would like to address them.
SSH Server CBC Mode Ciphers Enabled
SSH Weak MAC Algorithms Enabled
pdfcrowd.com
# default is aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,ar
cfour128,
# aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
# aes256-cbc,arcfour
Answers
Answers & comments
# default is hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96
,hmac-md5-96
To disable CBC mode ciphers and weak MAC algorithms (MD5 and -96),
add the following lines into the /etc/ssh/sshd_config file.
Related questions
FAQ: Why do db2_all or rah
show error "mesg: 0803-003
Cannot find the terminal" on
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour
128
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
1 Answ er
stopsrc -s sshd
startsrc -s sshd
2 Answ ers
ssh -vvv -F
DPM (Database
Performance Monitor) in
PDOA?
1 Answ er
MQA - RTC Integration. Too
pdfcrowd.com
pdfcrowd.com
160]
Like Comment
Sort:
Your
answer
pdfcrowd.com
Hint: You can notify a user about this post by typing @username.
Post answer
FAQ
REPORT ABUSE
T ERM S OF USE
Powered by AnswerHub
pdfcrowd.com