Why are rsa-sha2-256 and rsa-sha2-512 reported as weak HostKey algorithms?

Open kulkarniamit opened this issue 1 year ago • 0 comments

Sample run

$ python3 sshscan.py -t <target_host>
...
    [+] Detected the following weak HostKey algorithms:
            rsa-sha2-512                         ecdsa-sha2-nistp256
            rsa-sha2-256

Why are rsa-sha2-256 and rsa-sha2-512 not included in config.yml by default? Is there any recommended SSH hardening guide to follow?

May 29 '24 18:05 kulkarniamit