解决openvas中提到的"SSH Weak Encryption Algorithms Supported"问题

错误描述

Summary

The remote SSH server is configured to allow weak encryption algorithms.

Vulnerability Detection Result

The following weak client-to-server encryption algorithms are supported by the remote service:

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc


The following weak server-to-client encryption algorithms are supported by the remote service:

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc

Solution

Solution type:

Disable the weak encryption algorithms.

解决方案

1.备份sshd_config文件

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)

2.在/etc/ssh/sshd_config文件中加入下面内容

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

3.重启ssh服务

service ssh restart

4.测试是否成功，客户端连接服务器

ssh root@host -c aes128-cbc

提示Unable to negotiate with {host} port 22: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com则修改成功