Our B2BI is running in an IBM SoftLayer data center. Based on the IBM security policies, SFTP/SSH weak encryption and MAC algorithms are not allowed, so we need to be able to disable the following weak algorithms. The following are the weak algorithms and vulnerability IDs.
Medium - [22/tcp/ssh] - SSH Weak Algorithms Supported
Vuln ID 381945 - Nessus Plugin ID 90317
The following weak server-to-client encryption algorithms are supported : arcfour arcfour128 arcfour256
The following weak client-to-server encryption algorithms are supported : arcfour arcfour128 arcfour256
Low - [22/tcp/ssh] - SSH Weak MAC Algorithms Enabled
Vuln ID 353707 - Nessus Plugin ID 71049
The following client-to-server Message Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96
The following server-to-client Message Authentication Code (MAC) algorithms are supported : hmac-md5 hmac-md5-96 hmac-sha1-96
Support suggested using NIST mode, but this limits the SFTP key size to 2048 or higher, and there are partners who use a 1024 key size.
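An added example, not part of the original post and not IBM's code: an SSH server advertises its cipher and MAC lists per direction in the SSH_MSG_KEXINIT message (RFC 4253, section 7.1), so parsing that message confirms whether the algorithms from the two findings are still offered after a configuration change. The function names and the sample payload are constructed for illustration.

```python
import struct

# Weak algorithms exactly as named in the two scan findings above.
WEAK_CIPHERS = {"arcfour", "arcfour128", "arcfour256"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload: message byte, 16-byte cookie, ten name-lists."""
    if len(payload) < 17 or payload[0] != 20:  # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += n
    return lists

def weak_algorithms(lists: dict) -> dict:
    """Return only the directions that still offer a weak cipher or MAC."""
    findings = {}
    for field in ("enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c"):
        weak = WEAK_CIPHERS if field.startswith("enc") else WEAK_MACS
        hits = [a for a in lists[field] if a in weak]
        if hits:
            findings[field] = hits
    return findings

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed KEXINIT payload (zero cookie) for the sample below."""
    out = b"\x14" + bytes(16)
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample: a server that still offers some algorithms from the findings.
SAMPLE = build_kexinit({
    "enc_c2s": ["aes128-ctr", "arcfour256", "arcfour"], "enc_s2c": ["aes128-ctr"],
    "mac_c2s": ["hmac-sha2-256"], "mac_s2c": ["hmac-sha2-256", "hmac-md5-96"]})
print(weak_algorithms(parse_kexinit(SAMPLE)))
```

An empty result from `weak_algorithms` means none of the six algorithms named in the findings is offered in either direction.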