https://community.extremenetworks.com/t5/extremeswitching-eos/ssh-weak-key-exchange-algorithms-enabled/m-p/57875#M1180 Hi Team ,<BR /><BR />I am facing issue in Extreme switches for SSH Weak Key Exchange Algorithms Enabled . Can anybody help how to remove this thing .<BR /><SPAN style="background-color: #ffff00;"><STRONG>System Type: NWI-E450A</STRONG></SPAN><BR /><STRONG><SPAN style="background-color: #ffff00;"> Created by ExtremeXOS version 16.2.3.5</SPAN><BR /></STRONG><BR />The remote SSH server is configured to allow key exchange algorithms which are considered weak.<BR /><BR />This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)<BR />draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be<BR />enabled. This includes:<BR /><BR />diffie-hellman-group-exchange-sha1<BR /><BR />diffie-hellman-group1-sha1<BR /><BR />gss-gex-sha1-*<BR /><BR />gss-group1-sha1-*<BR /><BR />gss-group14-sha1-*<BR /><BR />rsa1024-sha1<BR /><BR /><BR />Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software<BR />versions.<BR /><BR /><BR />regards&nbsp;<BR />Parvinder SIngh Tue, 15 Mar 2022 07:59:00 GMT ParvinderS 2022-03-15T07:59:00Z https://community.extremenetworks.com/t5/extremeswitching-eos/ssh-weak-key-exchange-algorithms-enabled/m-p/57875#M1180 Hi Team ,<BR /><BR />I am facing issue in Extreme switches for SSH Weak Key Exchange Algorithms Enabled . Can anybody help how to remove this thing .<BR /><SPAN style="background-color: #ffff00;"><STRONG>System Type: NWI-E450A</STRONG></SPAN><BR /><STRONG><SPAN style="background-color: #ffff00;"> Created by ExtremeXOS version 16.2.3.5</SPAN><BR /></STRONG><BR />The remote SSH server is configured to allow key exchange algorithms which are considered weak.<BR /><BR />This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)<BR />draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be<BR />enabled. This includes:<BR /><BR />diffie-hellman-group-exchange-sha1<BR /><BR />diffie-hellman-group1-sha1<BR /><BR />gss-gex-sha1-*<BR /><BR />gss-group1-sha1-*<BR /><BR />gss-group14-sha1-*<BR /><BR />rsa1024-sha1<BR /><BR /><BR />Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software<BR />versions.<BR /><BR /><BR />regards&nbsp;<BR />Parvinder SIngh Tue, 15 Mar 2022 07:59:00 GMT https://community.extremenetworks.com/t5/extremeswitching-eos/ssh-weak-key-exchange-algorithms-enabled/m-p/57875#M1180 ParvinderS 2022-03-15T07:59:00Z