Disable SSH Weak Key Exchange Algorithms

potemkin_ai

and a final piece:

The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.

The following client-to-server Message Authentication Code (MAC) algorithms
are supported :

hmac-sha1-96

necrevistonnezr

https://docs.cloudron.io/security/#securing-ssh-access

If you use SSH Keys (EdDSA, not RSA!) as per recommendation (although the basic server config is out of Cloudron’s purview) this doesn‘t really matter, I believe….

girish

@potemkin_ai you are free to edit the SSH config as you like. We rely on the default SSHD config (this , in turn comes from your VPS provider and Ubuntu images).

potemkin_ai

@girish yeah, I know.

I wonder why across many similarly configured boxes with the same base ubuntu with the same base sshd only cloudron enabled boxes have that issue.

And since across multiple boxes with the same base os and configs only cloudron produce that kind of message I reported it here.

girish

@potemkin_ai do you see any change in sshd configs between them? We only add a single comment to sshd.

potemkin_ai

@girish nop. I also checked that, but there are no differences in the configs (apart from the port number)

girish

@potemkin_ai Is there a way I can run these tests myself?

potemkin_ai

@girish sure - just run Nessus full security scan against your server.

girish

@potemkin_ai No idea what that is. Do you have a link? Is it an online service or something to download ? Also, have you tried asking them about the discrepancy ? If ssh configs are the same, what else could be different?

potemkin_ai

@girish Nessus is a very old security scanner: https://nessus.org/

No ideas, to be honest... that's why I thought to raise it to you.