Date: Wed, 9 Feb 2022 15:28:41 -0700 (MST) From: Dale Scott <dalescott@shaw.ca> To: Jon Radel <jon@radel.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: how to disable support for MD5 in ssh server Message-ID: <1365403251.570153055.1644445721383.JavaMail.zimbra@shaw.ca> In-Reply-To: <9ABC5361-1C6A-45FB-9EC9-703DA1E85D6C@radel.com> References: <4776E413-18B8-42D0-AA56-DDF7F376736B@radel.com> <9ABC5361-1C6A-45FB-9EC9-703DA1E85D6C@radel.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: "Jon Radel" <jon@radel.com> > To: "Dale Scott (dalescott@shaw)" <dalescott@shaw.ca> > Cc: "freebsd-questions" <freebsd-questions@freebsd.org> > Sent: Wednesday, February 9, 2022 2:12:20 PM > Subject: Re: how to disable support for MD5 in ssh server > The dreaded follow up to my own response: >=20 > If you do try ssh-audit, run it with -v. md5 hashes can also be used with= server > fingerprints. That=E2=80=99s only reported in verbose mode. >=20 > I=E2=80=99m unclear if you can turn off md5 completely for that, though F= ingerprintHash > seems to control whether they=E2=80=99re paid attention to. Thanks Jon for the suggestions, I'll give ssh-audit a try. I'll also check if I can get more specific information from SecurityScorecard. I found they= have a bot that responds if you question a reported security issue with details wh= y they believe it's an issue (they say they will escalate to a real person if you = persist). Having fun! ;-) Dale
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1365403251.570153055.1644445721383.JavaMail.zimbra>