how to disable support for MD5 in ssh server

From: Dale Scott <dalescott_at_shaw.ca>
Date: Wed, 09 Feb 2022 18:38:43 UTC
Hi all, I'm a security novice so I signed up with SecurityScorecard for a review.

My scorecard has 3 points subtracted because "The SSH server is configured to support MD5 algorithm." 

I've read through SSHD_CONFIG(5) and the Ciphers section doesn't include MD5 in defaults.

I also don't see MD5 listed in the response to "# sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"

The only edit I have made to the default /etc/ssh/sshd_config was to disable password login (to allow ssh only).

What am I not understanding? Google hasn't been much help, although I expect I haven't been asking the right question.

Should I disable MD5 as recommended, and how?


% uname -a
FreeBSD starlord 13.0-RELEASE-p7 FreeBSD 13.0-RELEASE-p7 #0: Mon Jan 31 18:24:03 UTC 2022     root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

Many thanks in advance,
Dale

P.S.