disabling "weak" algorithms in sshd
Özgür Kazancci
ozgur at kazancci.com
Mon Feb 17 15:47:11 UTC 2020
Hello.
I usually use: https://www.sshaudit.com - great tool&recommendations!
First, check your sshd IP/port via sshaudit.com, note your "score",
afterwards apply the suggestions listed, and re-check your server again:
https://www.sshaudit.com/hardening_guides.html
Best,
Özgür
On 17/02/2020 18:09, Shamim Shahriar wrote:
> Good afternoon all
>
> I had been googling for quite some time and so far came up empty, maybe
> someone can shed some light or point me to the correct direction.
>
> I have introduced a bunch of servers into an infrastructure that
> previously
> had zero FreeBSD system. They make use of Tenable Security Centre (
> tenable.com) which I believe used Nessus in the backend to identify
> vulnerabilities. Amongst other things, it is picking up on
> (tenable/nessus
> plugin ID 90317) "SSH Weak Algorithms Supported) because the server
> allows
> "none" algorithms.
>
> Is there any way to "select" or "selectively disable" algorithms and
> hashes
> from sshd? According to various web sources, certain implementation on
> certain distributions might have options to amend the list, but none of
> the
> examples I have found worked on my FreeBSD system.
>
> Would appreciate if someone could please point me to the correct
> direction.
>
> Kind regards
> SK
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list