Cryptography / SSH Weak Key Exchange Algorithms Enabled

Infrastructure

Description

The remote SSH server is configured to allow weak key exchange algorithms.
The IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20, Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes among others:
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
gss-gex-sha1-*
gss-group1-sha1-*
gss-group14-sha1-*
rsa1024-sha1

Risk

The SSH key exchange algorithm is fundamental to keep the protocol secure. It is what allows two previously unknown parties to generate a shared key in plain sight, and have that secret remain private to the client and server.
Over time, some implementations of this algorithm have been identified as weak or vulnerable.

Solution

Contact the vendor or consult product documentation to disable the weak algorithms.

Curious? Convinced? Interested?

Arrange a no-obligation consultation with one of our product experts today.