Remediation Steps

Follow the steps below to remediate this finding on Linux (RHEL/CentOS/AlmaLinux).

  1. Edit /etc/ssh/sshd_config and restrict the KexAlgorithms directive:

    KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512

  2. Restart the SSH service:

    sudo systemctl restart sshd
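
To confirm the change took effect, compare the key exchange list that sshd actually resolves (`sshd -T` prints the effective configuration, which is what counts if another configuration source sets the same directive) against the list from step 1. The script below is an added example, not part of the original remediation steps; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Allowlist copied from the KexAlgorithms line in step 1.
ALLOWED_KEX="curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512"

# effective_kex: read `sshd -T` style output on stdin and print the
# value of the kexalgorithms line (hypothetical helper).
effective_kex() {
    awk 'tolower($1) == "kexalgorithms" { print $2; exit }'
}

# unexpected_kex LIST: print, comma-separated, every algorithm in LIST
# that is not in ALLOWED_KEX. Prints an empty line when LIST is clean.
unexpected_kex() {
    extra=""
    old_ifs=$IFS
    IFS=,
    for alg in $1; do
        case ",$ALLOWED_KEX," in
            *",$alg,"*) ;;                         # allowed, skip
            *) extra="${extra:+$extra,}$alg" ;;    # collect the rest
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$extra"
}

# check_kex: read `sshd -T` output on stdin.
# Returns 0 if compliant, 1 if extra algorithms are offered,
# 2 if no kexalgorithms line was found.
check_kex() {
    kex=$(effective_kex)
    [ -n "$kex" ] || { echo "no kexalgorithms line found" >&2; return 2; }
    extra=$(unexpected_kex "$kex")
    [ -z "$extra" ] || { echo "not in allowlist: $extra" >&2; return 1; }
    return 0
}

# Constructed sample of pre-remediation `sshd -T` output (not from a real host).
SAMPLE_BEFORE='port 22
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
ciphers aes256-gcm@openssh.com'

# On a real host, validate the file syntax, then check the effective list:
#   sudo sshd -t && sudo sshd -T | check_kex
```

Running `sudo sshd -t` before the restart in step 2 catches a typo in the directive while the current sshd is still serving connections.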