zoukankan      html  css  js  c++  java
  • [漏洞修补]SSH Server CBC Mode Ciphers Enabled

    1.nmap查看漏洞

    nmap --script ssh2-enum-algos -sV -p 22 <目标IP>

    [root@Test nessus]# nmap --script ssh2-enum-algos -sV -p 22 10.1.16.19
    Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-10 11:47 CST
    Host is up (0.00015s latency).
    
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 7.4 (protocol 2.0)
    | ssh2-enum-algos:
    |   kex_algorithms: (12)
    |       curve25519-sha256
    |       curve25519-sha256@libssh.org
    |       ecdh-sha2-nistp256
    |       ecdh-sha2-nistp384
    |       ecdh-sha2-nistp521
    |       diffie-hellman-group-exchange-sha256
    |       diffie-hellman-group16-sha512
    |       diffie-hellman-group18-sha512
    

    2. 漏洞修复

    echo "Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com" >> /etc/ssh/sshd_config 
    && systemctl restart sshd
    

    3. 检查漏洞

    ssh -vv -oCiphers=aes128-cbc,3des-cbc,blowfish-cbc 10.1.16.19
    Unable to negotiate with 10.1.16.19 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    

    END

  • 相关阅读:
    两小时后执行打开浏览器的操作
    Markdown语法
    Python机器学习2.2
    身份证姓名与身份证号校验
    根据银行卡号获取开户行
    生成微信小程序二维码
    .net 生成二维码
    微信支付API V3(.Net Core)
    .net 生成项目xml描述文件
    汉字排序问题
  • 原文地址:https://www.cnblogs.com/leoshi/p/15389046.html
Copyright © 2011-2022 走看看