Hmac-md5-96 bit need to be disable

We have done the VULNERABILITIES scanning and it’s says to disable the hmac-md5-96 bit need to be disable but in our ssh configuration file we have added the entry to disable to hmac-md5-96.

#MACs hmac-md5,,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512
MACs hmac-sha2-256,hmac-sha2-512,,,,hmac-sha1-96,hmac-md5-96

But still the VULNERABILITIES is not get closing can u help me on this.

Changing ciphers in the sshd_config file will not get you very far, as it is dictated by the crypto-policy on the system.

I recommend reading the following articles:

@nazunalika ,

I have changed cryptographic from Legacy to Default but after that when we do the VULNERABILITIES scanning now it’s giving below error.

Insecure MAC algorithms in use:,hmac-sha1

Where we have removed the those lines in the sshd config file as well in /etc/crypto-policies/back-ends/openssh.config file

Can you people pls help me on this issue

Issue fixed, thanks @nazunalika for your support.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.