Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Failte_Peter
Explorer

SSH Weak Key Exchange Algorithms Enabled

Hi Guys,

I got this finding from external company doing scan of my network. I updated checkpoint to version R81.10 take 335. I'm wondering if this update will solve the problem itself or I need to do something more to it. I got something like this from them.

The remote SSH server [IP] is configured to allow key exchange algorithms, which are considered weak.

 

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

 

• Diffie-hellman-group-exchange-sha1

 

• Diffie-hellman-group1-sha1

 

• gss-gex-sha1-*

 

• gss-group1-sha1-*

 

• gss-group14-sha1-*

 

• rsa1024-sha1
0 Kudos
1 Reply
PhoneBoy
Admin
Admin

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events