Avamar: Remote SSH server is configured to use the Arcfour stream cipher
Podsumowanie: A security scanner reports "Remote SSH server is configured to use the Arcfour stream cipher"
Objawy
The security scanner reports the following problem: "Remote SSH server is configured to use the Arcfour stream cipher"
Przyczyna
Rozwiązanie
Note: Basic knowledge of Linux version of vi editor is required to complete the following steps.
1. Log into the node as the admin user, then switch to root:
su -
Enter the root password when prompted.
2. Make a copy of /etc/ssh/sshd_config file
cp -p /etc/ssh/sshd_config /etc/ssh/x-sshd_config_`date -I`
3. Edit the /etc/ssh/sshd_config file
vi /etc/ssh/sshd_config
4. Comment out the line starting with "Ciphers" (if exists) by inserting the # symbol at the beginning of line.
5. Insert the following line between the "Protocol 2" line and the "UseDNS no" line:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
6. Save the file and run a syntax check:
/usr/sbin/sshd -t
7. If the syntax check comes back clean, restart the SSH daemon:
service sshd restart
8. Use the "exit" command to return to an admin shell, then run the following command to confirm that arcfour is now disabled:
ssh -c arcfour localhost 'date'
Example of expected command output:
[/home/admin]=>ssh -c arcfour localhost 'date'
no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr
Once it is confirmed that arcfour is no longer in the cipher list, please re-run the security scan.