Re: how to disable support for MD5 in ssh server
- In reply to: Jon Radel : "Re: how to disable support for MD5 in ssh server"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 09 Feb 2022 22:28:41 UTC
> From: "Jon Radel" <jon@radel.com> > To: "Dale Scott (dalescott@shaw)" <dalescott@shaw.ca> > Cc: "freebsd-questions" <freebsd-questions@freebsd.org> > Sent: Wednesday, February 9, 2022 2:12:20 PM > Subject: Re: how to disable support for MD5 in ssh server > The dreaded follow up to my own response: > > If you do try ssh-audit, run it with -v. md5 hashes can also be used with server > fingerprints. That’s only reported in verbose mode. > > I’m unclear if you can turn off md5 completely for that, though FingerprintHash > seems to control whether they’re paid attention to. Thanks Jon for the suggestions, I'll give ssh-audit a try. I'll also check if I can get more specific information from SecurityScorecard. I found they have a bot that responds if you question a reported security issue with details why they believe it's an issue (they say they will escalate to a real person if you persist). Having fun! ;-) Dale