1.nmap查看漏洞
nmap --script ssh2-enum-algos -sV -p 22 <目标IP>
[root@Test nessus]# nmap --script ssh2-enum-algos -sV -p 22 10.1.16.19
Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-10 11:47 CST
Host is up (0.00015s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh2-enum-algos:
| kex_algorithms: (12)
| curve25519-sha256
| curve25519-sha256@libssh.org
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
2. 漏洞修复
echo "Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com" >> /etc/ssh/sshd_config
&& systemctl restart sshd
3. 检查漏洞
ssh -vv -oCiphers=aes128-cbc,3des-cbc,blowfish-cbc 10.1.16.19
Unable to negotiate with 10.1.16.19 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com