Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
You may contact the vendor or consult the product documentation to remove the weak ciphers.
You may refer to Section 6.3, Encryption, of RFC 4253 (The Secure Shell (SSH) Transport Layer Protocol).
- The following weak server-to-client encryption algorithms are supported:
  - arcfour
  - arcfour128
  - arcfour256
- The following weak client-to-server encryption algorithms are supported:
  - arcfour
  - arcfour128
  - arcfour256
For this vulnerability scan result, modify the SSHD configuration to resolve the issue:
- Open sshd_config in the /etc/ssh directory.
- Add the following line at the end of the file:
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
- Save and quit.
- Restart the sshd service using the command:
[root@imsva~#] service sshd restart
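The procedure above, as an added shell example that is not part of the original article: it writes the article's Ciphers line into an sshd_config without leaving an arcfour entry behind, and then reports which weak ciphers (if any) are still enabled. It assumes a POSIX shell with awk, grep and mktemp, and it works on a constructed temporary file rather than the real /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not from the Trend Micro KB article: apply the article's
# Ciphers line to an sshd_config and check that no arcfour variant remains.
# Assumes POSIX sh with awk, grep and mktemp; /etc/ssh/sshd_config is untouched.

# Cipher list recommended in the article.
CIPHERS='aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc'

# set_ciphers FILE: replace an existing Ciphers line (active or commented out),
# drop any duplicate, and otherwise insert the directive before the first Match
# block. sshd rejects Ciphers inside a Match block, so appending at the end of
# the file (as the article does) only works when the file has no Match block.
set_ciphers() {
    tmp="$1.tmp.$$"
    awk -v c="$CIPHERS" '
        /^[ \t]*#?[ \t]*Ciphers([ \t]|$)/ { if (!done) { print "Ciphers " c; done = 1 }; next }
        /^[ \t]*Match([ \t]|$)/           { if (!done) { print "Ciphers " c; done = 1 } }
        { print }
        END { if (!done) print "Ciphers " c }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# effective_ciphers FILE: print the value of the first active Ciphers line;
# sshd uses the first value it reads for a keyword and ignores later ones.
effective_ciphers() {
    awk '/^[ \t]*Ciphers([ \t]|$)/ { print $2; exit }' "$1"
}

# weak_ciphers FILE: print each arcfour variant still enabled (empty if none).
weak_ciphers() {
    effective_ciphers "$1" | tr ',' '\n' | grep -E '^arcfour(128|256)?$' || true
}

# Stand-alone demo on a constructed config (not a real server file).
demo() {
    f=$(mktemp)
    printf '%s\n' 'Port 22' 'Ciphers arcfour,aes128-ctr' \
        'Match User backup' '    ForceCommand /usr/bin/rsync' > "$f"
    echo "before: $(weak_ciphers "$f" | tr '\n' ' ')"
    set_ciphers "$f"
    echo "after:  $(effective_ciphers "$f")"
    rm -f "$f"
}
demo
```

After editing the real file, run `sshd -t` to validate the configuration before the `service sshd restart` step, so a syntax error does not lock you out of the appliance.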