We are getting vulnerability reported for Bitbucket Server - "Deprecated SSH Cryptographic Settings"
And the solution suggested by the respective team is below :
"Avoid using deprecated cryptographic settings.
Use best practices when configuring SSH.
Refer to Security of Interactive and Automated Access Management Using Secure Shell (SSH) (https://csrc.nist.gov/publications/detail/nistir/7966/final) .
Settings currently considered deprecated:
<DL>
<DT>Ciphers using CFB of OFB</DT>
<DD>Very uncommon, and deprecated because of weaknesses compared to newer cipher chaining modes such as CTR or GCM</DD>
<DT>RC4 cipher (arcfour, arcfour128, arcfour256)</DT>
<DD>The RC4 cipher has a cryptographic bias and is no longer considered secure</DD>
<DT>Ciphers with a 64-bit block size (DES, 3DES, Blowfish, IDEA, CAST)</DT>
<DD>Ciphers with a 64-bit block size may be vulnerable to birthday attacks (Sweet32)</DD>
<DT>Key exchange algorithms using DH group 1 (diffie-hellman-group1-sha1, gss-group1-sha1-*)</DT>
<DD>DH group 1 uses a 1024-bit key which is considered too short and vulnerable to Logjam-style attacks</DD>
<DT>Key exchange algorithm ""rsa1024sha1""</DT>
<DD>Very uncommon, and deprecated because of the short RSA key size</DD>
<DT>MAC algorithm ""umac-32""</DT>
<DD>Very uncommon, and deprecated because of the very short MAC length</DD>
<DT>Cipher ""none""</DT>
<DD>This is available only in SSHv1</DD>
</DL>"
