SSH vulnerabilities: HMAC algorithms and CBC ciphers

Solution Verified - Updated -


  • the following vulnerabilities were received on RHEL 5 and RHEL 6 servers (related to RHEL7 too):
SSH Insecure HMAC Algorithms Enabled
SSH CBC Mode Ciphers Enabled

Below is the update from a security scanner regarding the vulnerabilities 

Vulnerability Name: SSH Insecure HMAC Algorithms Enabled

Description: Insecure HMAC Algorithms are enabled

Disable any 96-bit HMAC Algorithms.Disable any MD5-based HMAC Algorithms.
Vulnerability Name: SSH CBC Mode Ciphers Enabled

Description: CBC Mode Ciphers are enabled on the SSH Server.

Solution: Disable CBC Mode Ciphers and use CTR Mode Ciphers


  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5

  • OpenSSH

  • Putty

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In