Remediation Steps

Follow the steps below to remediate this finding on Windows.

  1. For Win32-OpenSSH, edit C:\ProgramData\ssh\sshd_config (or %PROGRAMDATA%\ssh\sshd_config).
  2. Add or update the Ciphers directive to exclude CBC ciphers:

    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
  3. Restart the sshd service:

    Restart-Service sshd
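
The three steps above as one elevated PowerShell script (an added example, not part of the original guidance). It places the directive ahead of any Match block, because sshd rejects Ciphers inside one, and it validates the file before restarting. The sshd.exe path and the backup file name are assumptions; adjust them to your install.

```powershell
# Added example. Run from an elevated PowerShell session.
$config  = Join-Path $env:ProgramData 'ssh\sshd_config'
$ciphers = 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'
# Assumption: sshd.exe location of the Windows optional-feature install.
$sshd    = Join-Path $env:SystemRoot 'System32\OpenSSH\sshd.exe'

# Timestamped backup (hypothetical naming) so the change can be rolled back.
$backup = "$config.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
Copy-Item -Path $config -Destination $backup

# Rebuild the file: drop every active Ciphers line and insert the new one
# before the first Match block. Commented-out lines are left untouched.
$out = @()
$inserted = $false
foreach ($line in Get-Content -Path $config) {
    if ($line -match '^\s*Ciphers\s') { continue }
    if (-not $inserted -and $line -match '^\s*Match\s') {
        $out += $ciphers
        $inserted = $true
    }
    $out += $line
}
# No Match block present: the end of the file is still global scope.
if (-not $inserted) { $out += $ciphers }
Set-Content -Path $config -Value $out

# Test mode: check the configuration before touching the running service.
& $sshd -t -f $config
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path $backup -Destination $config -Force
    throw "sshd rejected the new configuration; restored $backup"
}

Restart-Service sshd

# Extended test mode prints the effective settings; fail if a CBC cipher remains.
$effective = & $sshd -T -f $config | Select-String -Pattern '^ciphers\s'
$effective
if ("$effective" -match 'cbc') {
    throw 'A CBC cipher is still present in the effective configuration.'
}
```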