Print

SSH SHA-1 HMAC 算法已启用

42分钟前 发表

漏洞描述

目标主机SSH服务存在SHA-196MAC弱加密算法,SSH弱加密算法可能会导致认证信息被窃听、破解。

漏洞解决方案

关闭SHA-196位的mac算法。如下所示,选择不含 SHA-1  96位的mac算法:

 [H3C]ssh2 algorithm mac ?                                   

  md5       HMAC-MD5                                                            

  md5-96    HMAC-MD5-96                                                        

  sha1      HMAC-SHA1                                                          

  sha1-96   HMAC-SHA1-96                                                        

  sha2-256  HMAC-SHA2-256                                                      

  sha2-512  HMAC-SHA2-512