Nessus / Qualys scan
Description
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Output
-
The following client-to-server Message Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96 hmac-sha2-256-96 The following server-to-client Message Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96 hmac-sha2-256-96
Solution:
The server and client negotiate the algorithm for checking packets transmitted between them.
You can run the ssh server hmac command to configure the check algorithm list of the SSH server.
The server compares the check algorithm list sent from the client with its own check algorithm list, and selects the first matched check algorithm for checking transmitted packets. If the check algorithm lists of the server and client have no common check algorithm, the check algorithm negotiation fails. Add the below command to negate the issue.
<HUAWEI> system-view [~HUAWEI] ssh server hmac sha2_256
good!!
ReplyDelete
ReplyDeleteحساب المواطن
كايلي
من مميزات خط النسخ
كوره
محمد بن زايد