Print

SSH弱MAC算法启用

1小时前 发表

漏洞描述

目标主机SSH服务存在MD596MAC弱加密算法,SSH弱加密算法可能会导致认证信息被窃听、破解。

漏洞解决方案

关闭md596位的mac算法。如下所示,选择不含md596位的mac算法:

[H3C]ssh2 algorithm mac ?                                   

  md5       HMAC-MD5                                                           

  md5-96    HMAC-MD5-96                                                         

  sha1      HMAC-SHA1                                                          

  sha1-96   HMAC-SHA1-96                                                       

  sha2-256  HMAC-SHA2-256                                                       

  sha2-512  HMAC-SHA2-512