Re: how to disable support for MD5 in ssh server

Reply: Dewayne Geraghty : "Re: how to disable support for MD5 in ssh server"
In reply to: Dale Scott : "how to disable support for MD5 in ssh server"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Doug McIntyre <merlyn_at_geeks.org>
Date: Thu, 10 Feb 2022 00:05:10 UTC

On Wed, Feb 09, 2022 at 11:38:43AM -0700, Dale Scott wrote:
> Hi all, I'm a security novice so I signed up with SecurityScorecard for a review.
> 
> My scorecard has 3 points subtracted because "The SSH server is configured to support MD5 algorithm." 
> 
> I've read through SSHD_CONFIG(5) and the Ciphers section doesn't include MD5 in defaults.

There's also sites like https://github.com/bsdlabs/ssh-hardening
That take you through the steps to get a reasonable hardened SSH.

You can also install openssh from ports to get a newer version as well
as hardening the config, although I suspect that would drop blacklistd
support from it if you use that.