My Oracle Support Banner

Oracle Linux: SSH Vulnerability Remediation for Cipher and MACs for Oracle Linux 8 (Doc ID 3017685.1)

Last updated on SEPTEMBER 26, 2024

Applies to:

Linux OS - Version Oracle Linux 8.0 and later
Linux x86-64

Symptoms

For remediation of the weak Cipher and MACs as reported by different scanners, the different approach to rectify the config file of SSH are tried and still the rescan is reporting the same Vulnerability.

eg:- aes256-cbc & aes128-cbc reported for Ciphers and hmac-sha1 & hmac-sha1-etm@openssh.com reported for MACs

Changes

SSH config changes are made to make sure the weak MAC's & Ciphers are removed and remaining values are as given below: 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.