SSH 弱い鍵交換アルゴリズムが有効になっています
SSH サーバーの CBC モード暗号が有効になっています
https://knowledge.broadcom.com/external/article/263231/disabling-weak-kex-algorithms-hostkey-al.html
http://kb.ictbanking.net/article.php?id=690&oid=2
https: //access.redhat.com/solutions/6963758
----------------------
# sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"
gssapikexalgorithms gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-
ciphers [email protected],aes128-ctr,aes192- ctr,aes256-ctr,[email protected],aes256 [email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc macs umac-
64- [email protected]、[email protected]、[email protected]、hmac-sha2-512-et [email protected]、[email protected] 、[email protected]、[email protected]、hmac-sha2-256、hmac-sha2-512、hmac-sha1
Kexalgorithms 曲線 25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,e cdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512, diffie-hellman-group18-sha512、diffie-hellman-group-exchange-sha1、diffie-hellman-group14-sha256、diffie-hellman-group 14-sha1、diffie-hellman-group1-sha1
-----------------------
# vi /etc/ssh/sshd_config
暗号 aes128-ctr、aes192-ctr、aes256-ctr
KexAlgorithms ecdh-sha2-nistp256、 ecdh-sha2-nistp384、ecdh-sha2-nistp521、diffie-hellman-group14-sha1、diffie-hellman-group-exchange-sha256
MAC hmac-sha2-256、hmac-sha2-512
gssapikeyexchange なし
gssapiauthentication なし
------------------------
# systemctl sshd を再起動
-----------
# sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"
gssapikexalgorithms gss-gex-sha1-、gss-group1-sha1-、gss-group14-sha1-
ciphers aes128-ctr、aes192-ctr、aes256-ctr
macs hmac- sha2-256、hmac-sha2-512
kexalgorithms ecdh-sha2-nistp256、ecdh-sha2-nistp384、ecdh-sha2-nistp521、diffie-hellman-group14-sha1、diffie-hellman-group-exchange-sha256
----- --------------------------------------------------
# sshd-T | grep gssapi