Nessus Output
Description
Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
Output from CentOS 7 system:
The following weak server-to-client encryption algorithms are supported : arcfour arcfour128 arcfour256 The following weak client-to-server encryption algorithms are supported : arcfour arcfour128 arcfour256
Solution
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr |
and restart ssh
systemctl restart sshd |