The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
You may contact the vendor or consult the product documentation to disable MD5 and 96-bit Message Authentication Code (MAC) algorithms.
- The following client-to-server MAC algorithms are supported:
- hmac-md5
- hmac-md5-96
- hmac-sha1-96
- The following server-to-client MAC algorithms are supported:
- hmac-md5
- hmac-md5-96
- hmac-sha1-96
Click image to enlarge.
For this vulnerability scan result, modify the configuration of SSHD to fix the issue:
- Open sshd_config in /etc/ssh directory.
- Add following sentence to last line:
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
Click image to enlarge.
- Save and quit.
- Restart sshd service using the command:
[root@imsva~#] service sshd restart
Click image to enlarge.