How to Mitigate SSH weak algorithm caused by ARC4 in
OS: Red Hat Linux
Description
Nessus / OpenVAS has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
Solution:
To disable ARC4, edit /etc/ssh/sshd_config and add the following entry:
# restrict ciphers to exclude arcfour
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
Now restart sshd:
service sshd restart
This should mitigate the identified vulnerability and remove RC4.
You can use the command sshd -T | grep ciphers to check which ciphers the server currently supports.
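The check in the last step can be scripted so that it fails while Arcfour (or "none") is still enabled. This is an added example, not part of the original post; the function name find_arcfour and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Arcfour / "none" entries in the effective cipher list.
# Reads `sshd -T` output (or sshd_config text) on stdin, prints each
# offending cipher on its own line, and returns:
#   0 = ciphers line present and free of arcfour*/none
#   1 = at least one arcfour*/none cipher is enabled
#   2 = no ciphers line found, so no decision can be made
find_arcfour() {
    awk '
        tolower($1) == "ciphers" {
            seen = 1
            n = split($2, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /^arcfour/ || c[i] == "none") { print c[i]; bad = 1 }
        }
        END { if (!seen) exit 2; exit bad ? 1 : 0 }
    '
}

# Constructed sample inputs (not captured from a real host).
# SAMPLE_BEFORE: a server that still offers Arcfour.
SAMPLE_BEFORE='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour'
# SAMPLE_AFTER: the Ciphers list from this post.
SAMPLE_AFTER='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc'

printf '%s\n' "$SAMPLE_BEFORE" | find_arcfour || echo "before: weak ciphers still enabled"
printf '%s\n' "$SAMPLE_AFTER"  | find_arcfour && echo "after: no arcfour/none ciphers"

# On a live host (as root), after restarting sshd:
#   sshd -T | find_arcfour
```

The non-zero exit status makes the function usable as a post-change gate in a configuration-management run or a scheduled compliance check.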