SSH Server CBC Mode Ciphers - SSH Weak Algorithms
Post date: Jun 03, 2019 3:32:39 PM
You may have had a security scan of your web server, and found the results of a weak algorithm with your SSH "Cipher Block Chain" Mode Ciphers - See Wikipedia for details.
SSH Server CBC Mode Ciphers Enabled
SSH Weak MAC Algorithms Enabled
The default /etc/ssh/sshd_config file may contain lines similar to the ones below:
# default is aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
# default is hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
To disable CBC mode ciphers and weak MAC algorithms, add the following lines into the:
Restart after you have made these changes.
SSH -Q cipher
sudo systemctl status sshd
ls -la ~/.ssh