Skip to main content

Remediation Steps

Follow the steps below to remediate this finding on Linux (RHEL/CentOS/AlmaLinux).

  1. Update OpenSSH to 9.6+ if available:

    sudo dnf update openssh-server openssh-clients

  2. If the update is not available, disable the affected algorithms in /etc/ssh/sshd_config:

    Ciphers -chacha20-poly1305@openssh.com
MACs -hmac-sha2-256-etm@openssh.com,-hmac-sha2-512-etm@openssh.com
sudo systemctl restart sshd
Back to top