kundai tinarwo
New Member
Hi people, I have a report detailing weak ssh ciphers on a system. How can I dis-allow these specific weak ciphers. The common solution which I am aware of is adding the following lines in sshd_config (which is a black list approach):
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,hmac-ripemd160
The solution I am looking for is a config which in theory allows all ciphers and MACs except the weak ones (white list approach) as opposed to explicitly defining which ciphers to be allowed.
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,hmac-ripemd160
The solution I am looking for is a config which in theory allows all ciphers and MACs except the weak ones (white list approach) as opposed to explicitly defining which ciphers to be allowed.