我读过这个文章,其中指出了薄弱的 Mac 算法。目前,我已经从我的 中删除了所有有问题的 Mac sshd_configuration。但我仍然担心Ciphers。
这是我的sshd_config文件。有人能帮我识别弱项Ciphers吗Macs?
...
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected],hmac-sha1,,[email protected],
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
...
答案1
您可以下载系统强化指南(例如这个来自 CIS) 并使用它来检查。
来自最新的(2022-03-21)RHEL 7 基准:
Ciphers [email protected],[email protected],aes128- [email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],hmac-sha2- 512,hmac-sha2-256
KexAlgorithms curve25519-sha256,[email protected],ecdh-sha2- nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange- sha256