Hmac-md5-96 bit need to be disable

We have done the VULNERABILITIES scanning and it’s says to disable the hmac-md5-96 bit need to be disable but in our ssh configuration file we have added the entry to disable to hmac-md5-96.

Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
#MACs hmac-md5,umac-64@openssh.com,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512
MACs hmac-sha2-256,hmac-sha2-512,umac-128@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96,hmac-md5-96

But still the VULNERABILITIES is not get closing can u help me on this.

Changing ciphers in the sshd_config file will not get you very far, as it is dictated by the crypto-policy on the system.

I recommend reading the following articles:

@nazunalika ,

I have changed cryptographic from Legacy to Default but after that when we do the VULNERABILITIES scanning now it’s giving below error.

Insecure MAC algorithms in use: hmac-sha1-etm@openssh.com,hmac-sha1

Where we have removed the those lines in the sshd config file as well in /etc/crypto-policies/back-ends/openssh.config file

Can you people pls help me on this issue

Issue fixed, thanks @nazunalika for your support.