Univention Bugzilla – Bug 55623
un-recommended ssh gss kex algorithm key
Last modified: 2023-01-31 15:24:11 CET
We have done some security scann on UCS server for SSH Audit. We were using https://github.com/jtesta/ssh-audit for scanning after custom MACs and KexAlgorithms there are still problems with gss kex Algorithms. The report: # key exchange algorithms (kex) gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g== -- [warn] using weak hashing algorithm (kex) gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g== -- [fail] using small 1024-bit modulus `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack `- [warn] using weak hashing algorithm (kex) gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g== -- [warn] using weak hashing algorithm Here i don't have know-how to search for problem, i hope that would be fixed with update to 5.1