how to disable support for MD5 in ssh server
Date: Wed, 09 Feb 2022 18:38:43 UTC
Hi all, I'm a security novice so I signed up with SecurityScorecard for a review. My scorecard has 3 points subtracted because "The SSH server is configured to support MD5 algorithm." I've read through SSHD_CONFIG(5) and the Ciphers section doesn't include MD5 in defaults. I also don't see MD5 listed in the response to "# sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)" The only edit I have made to the default /etc/ssh/sshd_config was to disable password login (to allow ssh only). What am I not understanding? Google hasn't been much help, although I expect I haven't been asking the right question. Should I disable MD5 as recommended, and how? % uname -a FreeBSD starlord 13.0-RELEASE-p7 FreeBSD 13.0-RELEASE-p7 #0: Mon Jan 31 18:24:03 UTC 2022 root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 Many thanks in advance, Dale P.S.