I recently installed an OpenVAS/Greenbone vulnerability scanner to check my environment since the price was right and I currently don’t have a budget for it. One thing that I’ve been noticing on all of my Linux systems (SLES 11 SP4) is that they all have a warning to disable weak ciphers for SSH. I can’t for the life of me figure out what I am doing wrong to disable them. I’m following all of the instructions that I find to the letter but the weak ciphers keep showing up. I hate to mark it as a straight-up “False Positive” since that interferes with the OpenVAS/Greenbone scoring system. Here is what I’m doing…
My first try was to edit the /etc/ssh/sshd_conf file and add the following line to remove the weak Arcfour ciphers:
I restarted the sshd service a couple of times and even restarted the system. When I run ssh -Q cipher I continue to get the following:
So after a number of other things and trying more stuff I decided to try YaST and edit the SSHD Configuration. Under Supported Ciphers the list contained and I removed arcfour, arcfour128, and arcfour256. Again, after restarting the sshd and server itself, the ssh -Q cipher displays the same list as above.
If I run a ssh -T | grep ciphers I get the following:
Like I said, I hate to just write this off as a false positive, since if I can find a fix that OpenVAS is happy with, it will lower my score on all of the SLES systems. Even though I’m still only in the Medium category, I’d like to get everything that I can to a low. Thanks for any direction that you can provide.