Upon doing a open-vas security scan on my servers I get the following security risk:
The remote SSH server is configured to allow weak encryption algorithms.
Vulnerability Detection Result
The following weak client-to-server encryption algorithms are supported by the remote service:
- [email protected]
My sensors are currently in compatibility mode as they give error state in default.
SSH server version:
- OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
I found this:
|Important note: PRTG includes a new SSH engine as of version 16.2.24 to provide best performance and security for your SSH sensors. Please consider this SSH engine as beta: it still does not support all OpenSSH libraries but we are working on it. If PRTG's new SSH engine does not yet work in your case, you can still use the old SSH engine as legacy version: select the Compatibility Mode for SSH Engine in the sensor or device settings. In this case, please consider the article below.|
So back to my question, which encryption algorithms do the sensors support. Please specify for both default & compatibility mode so I can allow only the algorithms