SSH Weak Key Exchange Algorithms Enabled

Failte_Peter — Tue, 09 Jul 2024 07:16:07 GMT

Hi Guys,

I got this finding from external company doing scan of my network. I updated checkpoint to version R81.10 take 335. I'm wondering if this update will solve the problem itself or I need to do something more to it. I got something like this from them.

The remote SSH server [IP] is configured to allow key exchange algorithms, which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

• Diffie-hellman-group-exchange-sha1

• Diffie-hellman-group1-sha1

• gss-gex-sha1-*

• gss-group1-sha1-*

• gss-group14-sha1-*

• rsa1024-sha1

Re: SSH Weak Key Exchange Algorithms Enabled

PhoneBoy — Wed, 10 Jul 2024 17:16:41 GMT

Please review: https://support.checkpoint.com/results/sk/sk172189

topic Re: SSH Weak Key Exchange Algorithms Enabled in Firewall and Security Management

SSH Weak Key Exchange Algorithms Enabled

Re: SSH Weak Key Exchange Algorithms Enabled