Foundstone Security Scanner reports a "potentially weak key exchange algorithm" for Sun Secure Shell (ssh)
(Doc ID 1223914.1)
Last updated on APRIL 24, 2020
Applies to:Solaris Operating System - Version 9 GA to 11.1 [Release 9.0 to 11.0]
Information in this document applies to any platform.
Foundstone Security Scanner reports a "potentially weak key exchange algorithm".
The scanner report reads as follows:
The target Secure Shell 2 (SSH2) server supports a potentially weak key
The Secure Shell 2 (SSH2) protocol is a presentation layer protocol used to
provide secure client-server communication. The SSH2 protocol specification
requires that a SSH2 server support the diffie-hellman-group1-sha1 key exchange
algorithm. This key exchange algorithm is considered strong, but faces a
potential weakness in that the same prime number is used for all key exchanges.
An alternative key exchange algorithm, diffie-hellman-exchange-group-sha1,
provides enhanced security by allowing for the prime number to be specified
during key exchange.
The server should be configured not to support the diffie-hellman-group1-sha1
algorithm if possible. Consult your vendor's documentation.
the RFE that provides this support in Oracle Solaris is:
from Patch ID: 117177-02
SunSSH in Solaris 10 and 11 already have support for the diffie-hellman-exchange-group-sha1 algorithm so no patch is required on these hosts.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document