If I see some "weak" or "insecure" tags, what can I do about it? I have no idea how to disable MAC, key-exchange, and encryption algorithms used by the server I control. I had thought that just using SSH was "enough"
More importantly, if I do disable the insecure stuff, what will it break ?
> If I see some "weak" or "insecure" tags, what can I do about it? I have no idea how to disable MAC, key-exchange, and encryption algorithms used by the server I control. I had thought that just using SSH was "enough"
For the most part it is, many of the things they're labeling as "weak" is not stuff that's likely to get you exploited today, but stuff that might at some point in the future - attacks only get better. Not necessarily things that are completely broken, just weak by today's standards.
> More importantly, if I do disable the insecure stuff, what will it break ?
Older clients mostly. Many phone apps for example don't have recent SSH implementations that support newer cryptography.
If I see some "weak" or "insecure" tags, what can I do about it? I have no idea how to disable MAC, key-exchange, and encryption algorithms used by the server I control. I had thought that just using SSH was "enough"
More importantly, if I do disable the insecure stuff, what will it break ?