SSH Weak Key Exchange Algorithms Enabled
SSH Server CBC Mode Ciphers Enabled
https://knowledge.broadcom.com/external/article/263231/disabling-weak-kex-algorithms-hostkey-al.html
http://kb.ictbanking.net/article.php?id=690&oid=2
https://access.redhat.com/solutions/6963758
----------------------
# sshd -T | grep -E "ciphers|macs|kexalgorithms"
gssapikexalgorithms gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
-----------------------
# vi /etc/ssh/sshd_config
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-256,hmac-sha2-512
gssapikeyexchange no
gssapiauthentication no
-----------------------
# systemctl restart sshd
----------------------
# sshd -T | grep -E "ciphers|macs|kexalgorithms"
gssapikexalgorithms gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha2-256,hmac-sha2-512
kexalgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256
------------------------------------------------------
# sshd -T | grep gssapi
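Added example, not part of the original notes: a shell check that reads `sshd -T` output and lists the entries behind the two findings above (CBC ciphers and SHA-1 key exchange). The weak-name patterns, the `audit_sshd` function name, the `--live` switch and the sample lines are assumptions of this example; it also assumes the gss-*-sha1- methods are only offered while gssapikeyexchange is "yes", which is why they still appear in the second `sshd -T` listing without being reported.

```shell
#!/bin/sh
# Added example (not from the original page): list weak algorithms in `sshd -T` output.
# Assumed weak set: *-cbc ciphers, plus the SHA-1 kex names the page's config drops.
# Assumption: gss-*-sha1- kex is only offered when gssapikeyexchange is "yes".

audit_sshd() {
    # stdin: `sshd -T` lines; stdout: one "directive algorithm" line per weak entry
    awk '
    function flag(dir, list, re,    n, i, a) {
        n = split(list, a, ",")
        for (i = 1; i <= n; i++) if (a[i] ~ re) print dir, a[i]
    }
    $1 == "ciphers"             { flag($1, $2, "-cbc$") }
    $1 == "kexalgorithms"       { flag($1, $2, "^diffie-hellman-(group1|group-exchange)-sha1$") }
    $1 == "gssapikeyexchange"   { gss_on = ($2 == "yes") }
    $1 == "gssapikexalgorithms" { gss_list = $2 }
    END { if (gss_on) flag("gssapikexalgorithms", gss_list, "^gss-.*-sha1-$") }
    '
}

# Constructed samples, shortened from the before/after output shown above.
BEFORE='gssapikeyexchange yes
gssapikexalgorithms gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-
ciphers aes128-ctr,aes256-gcm@openssh.com,aes128-cbc,3des-cbc
kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

AFTER='gssapikeyexchange no
gssapikexalgorithms gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-
ciphers aes128-ctr,aes192-ctr,aes256-ctr
kexalgorithms ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256'

if [ "${1:-}" = "--live" ]; then
    sshd -T | audit_sshd      # needs root; audits the running host
else
    echo "== before =="; printf '%s\n' "$BEFORE" | audit_sshd
    echo "== after ==";  printf '%s\n' "$AFTER"  | audit_sshd
fi
```

diffie-hellman-group14-sha1, which the KexAlgorithms line above keeps, also uses SHA-1 and is not reported by this check; add it to the kex pattern if your policy disallows SHA-1 key exchange entirely.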