Re: how to disable support for MD5 in ssh server

Reply: Dale Scott : "Re: how to disable support for MD5 in ssh server"
In reply to: Dale Scott : "how to disable support for MD5 in ssh server"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Michael Sierchio <kudzu_at_tenebras.com>
Date: Thu, 10 Feb 2022 22:16:35 UTC

On Wed, Feb 9, 2022 at 10:39 AM Dale Scott <dalescott@shaw.ca> wrote:

> Hi all, I'm a security novice so I signed up with SecurityScorecard for a
> review.
>
> My scorecard has 3 points subtracted because "The SSH server is configured
> to support MD5 algorithm."
>
> I've read through SSHD_CONFIG(5) and the Ciphers section doesn't include
> MD5 in defaults.
>
> I also don't see MD5 listed in the response to "# sshd -T | grep
> "\(ciphers\|macs\|kexalgorithms\)"
>

I would conclude that SecurityScorecard is bunk, incompetent, a waste of
time.

sshd -T | grep "\(ciphers\|macs\|kexalgorithms\|hostkeyalgorithms\)"

Certainly says what your server is willing to negotiate.  Who knows why
they came the conclusion they did.