How to identify any weak MACs, Ciphers in the sshd_config

Jananath Banuka

7/21/23, 10:36 AM

I read this article, where it pointed out the weak mac algorithms. And currently I removed any bad Macs from my sshd_configuration. But I am still worried about the Ciphers.

Here's my sshd_config file. Can someone help me identify the weak Ciphers and Macs ?

...
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com,hmac-sha1,,hmac-sha1-etm@openssh.com,
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1  
...

109

0 + 0

linux

ssh

Score:0

Server

shearn89

7/21/23, 4:32 PM

You can download a system hardening guide (e.g. this one from the CIS) and use that to check.

From the latest (2022-03-21) RHEL 7 benchmark:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128- gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2- 512,hmac-sha2-256
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2- nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange- sha256

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to identify any weak MACs, Ciphers in the sshd_config

TH: วิธีระบุ MAC ที่อ่อนแอ, Ciphers ใน sshd_config

RO: Cum să identifici orice MAC slabe, Cifre în sshd_config

RU: Как определить любые слабые MAC-адреса, шифры в sshd_config

VI: Cách xác định bất kỳ MAC yếu, Mật mã nào trong sshd_config

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.