Score:0

How to identify any weak MACs, Ciphers in the sshd_config

cn flag

I read this article, where it pointed out the weak mac algorithms. And currently I removed any bad Macs from my sshd_configuration. But I am still worried about the Ciphers.

Here's my sshd_config file. Can someone help me identify the weak Ciphers and Macs ?

...
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected],hmac-sha1,,[email protected],
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1  
...
Score:0
cn flag

You can download a system hardening guide (e.g. this one from the CIS) and use that to check.

From the latest (2022-03-21) RHEL 7 benchmark:

Ciphers [email protected],[email protected],aes128- [email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],hmac-sha2- 512,hmac-sha2-256
KexAlgorithms curve25519-sha256,[email protected],ecdh-sha2- nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange- sha256
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.