The VA team scanned the portal servers and reported the following vulnerabilities.
Vulnerability names:
SSH Server CBC Mode Ciphers Enabled
SSH Weak Key Exchange Algorithms Enabled
API Portal Supported releases.
1. Add the following lines to /etc/ssh/sshd_config to specify strong ciphers and key exchange algorithms explicitly:
#disable CBC mode ciphers
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected]
#disable diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1
KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,[email protected]
#disable weak mac algorithms
MACs hmac-sha2-256,hmac-sha2-512
2. Restart the SSH server:
systemctl restart sshd
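
A check that can be run on the edited file before the restart in step 2, as an added example that is not part of the original article: it reads the Ciphers and KexAlgorithms lines and reports any CBC-mode cipher or either of the two key exchange algorithms named in step 1. The helper name check_sshd_config and the sample file are constructed for illustration, and the explicit list form from step 1 is assumed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two scanner findings.
# check_sshd_config is a hypothetical helper, not an OpenSSH tool.
# Assumes the explicit comma-separated list form used in step 1
# (no +, - or ^ prefix on the list).

# Prints one line per finding; returns 0 if clean, 1 otherwise.
check_sshd_config() {
    cfg=$1
    bad=0
    for directive in Ciphers KexAlgorithms; do
        # Keywords are case-insensitive and sshd uses the first value it reads.
        value=$(awk -v d="$directive" \
            'tolower($1) == tolower(d) { print $2; exit }' "$cfg")
        if [ -z "$value" ]; then
            echo "NOT SET: $directive (built-in defaults apply)"
            bad=1
            continue
        fi
        old_ifs=$IFS; IFS=,
        for alg in $value; do
            case "$directive:$alg" in
                Ciphers:*-cbc|Ciphers:*-cbc@*)
                    echo "CBC cipher: $alg"; bad=1 ;;
                KexAlgorithms:diffie-hellman-group-exchange-sha1|\
                KexAlgorithms:diffie-hellman-group1-sha1)
                    echo "weak kex: $alg"; bad=1 ;;
            esac
        done
        IFS=$old_ifs
    done
    return $bad
}

# Constructed sample: a config that still offers the flagged algorithms.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#disable CBC mode ciphers
Ciphers aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc
KexAlgorithms diffie-hellman-group14-sha256,diffie-hellman-group1-sha1
MACs hmac-sha2-256,hmac-sha2-512
EOF
check_sshd_config "$sample" || echo "fix the config before restarting sshd"
rm -f "$sample"
```

Running `sshd -t` before the restart additionally confirms that the installed OpenSSH accepts every algorithm name in the file, so a rejected name does not stop the service from coming back up.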