This shows up in the security scan, can you check if this is CAPM related.
Plugin Output: The following weak key exchange algorithms are enabled :
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
The remote SSH server is configured to allow key exchange algorithms which are considered weak. This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
gss-gex-sha1-*
gss-group1-sha1-*
gss-group14-sha1-*
rsa1024-sha1
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Does the DX NetOps Performance Management release and any of its component systems enable weak key exchange diffie-hellman-group algorithm?
Nessau scanning tools were used to find the problem.
All supported DX NetOps Performance Management releases
How can we remediate this concern?