• [漏洞修补]SSH Server CBC Mode Ciphers Enabled

    1.nmap查看漏洞

    nmap --script ssh2-enum-algos -sV -p 22 <目标IP>

    [root@Test nessus]# nmap --script ssh2-enum-algos -sV -p 22 10.1.16.19
Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-10 11:47 CST
Host is up (0.00015s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4 (protocol 2.0)
| ssh2-enum-algos:
|   kex_algorithms: (12)
|       curve25519-sha256
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group16-sha512
|       diffie-hellman-group18-sha512

    2. 漏洞修复

    echo "Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com" >> /etc/ssh/sshd_config 
&& systemctl restart sshd

    3. 检查漏洞

    ssh -vv -oCiphers=aes128-cbc,3des-cbc,blowfish-cbc 10.1.16.19
Unable to negotiate with 10.1.16.19 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

    END
  • 相关阅读:
    浅谈流形学习
    变分例子
    变分
    基于深度学习的目标检测技术演进:R-CNN、Fast R-CNN,Faster R-CNN
    模拟退火
    粒子群算法
    JavaEE Tutorials (24)
    洛谷 P2026 求一次函数解析式
    洛谷 P1598 垂直柱状图
    洛谷 P1781 宇宙总统
  • 原文地址:https://www.cnblogs.com/leoshi/p/15389046.html
Copyright © 2020-2023  润新知