Allow disabling of weak SSH key exchange algorithms
PCI Compliance now regards weak ssh key exchange algorithms as a liability. There should be a way to disable them. It's fairly easy to set up in open-ssh: https://infosec.mozilla.org/guidelines/openssh#Configuration
4
votes
-
John Michael
commented
Awesome write-up, your websites are really good. I appreciate your work.
www.caramembuatwebsiteku.com -
Chris Dart
commented
Specifically the disabling of MAC-based algorithms is recommended