
We are getting a vulnerability reported for Bitbucket Server - "Deprecated SSH Cryptographic Settings"

Deleted user Sep 03, 2021

We are getting a vulnerability reported for Bitbucket Server - "Deprecated SSH Cryptographic Settings"

The solution suggested by the respective team is below:

"Avoid using deprecated cryptographic settings.
Use best practices when configuring SSH.
Refer to Security of Interactive and Automated Access Management Using Secure Shell (SSH) (https://csrc.nist.gov/publications/detail/nistir/7966/final).
Settings currently considered deprecated:


- Ciphers using CFB or OFB: Very uncommon, and deprecated because of weaknesses compared to newer cipher chaining modes such as CTR or GCM
- RC4 cipher (arcfour, arcfour128, arcfour256): The RC4 cipher has a cryptographic bias and is no longer considered secure
- Ciphers with a 64-bit block size (DES, 3DES, Blowfish, IDEA, CAST): Ciphers with a 64-bit block size may be vulnerable to birthday attacks (Sweet32)
- Key exchange algorithms using DH group 1 (diffie-hellman-group1-sha1, gss-group1-sha1-*): DH group 1 uses a 1024-bit key which is considered too short and vulnerable to Logjam-style attacks
- Key exchange algorithm "rsa1024sha1": Very uncommon, and deprecated because of the short RSA key size
- MAC algorithm "umac-32": Very uncommon, and deprecated because of the very short MAC length
- Cipher "none": This is available only in SSHv1"
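
To see which of the categories in the finding above a server actually offers, the algorithm lists in its SSH_MSG_KEXINIT message can be parsed and matched against that list. The following is an added example, not part of the original post and not Atlassian or scanner code; it goes one step beyond the quoted text by parsing the KEXINIT layout from RFC 4253, and the function names, regular expressions and the sample offer are assumptions constructed for illustration.

```python
import re

# Rules transcribed from the scanner text quoted above: (list kind, pattern, reason).
RULES = [
    ("cipher", re.compile(r"-(cfb|ofb)"), "CFB/OFB mode"),
    ("cipher", re.compile(r"^arcfour(128|256)?$"), "RC4"),
    ("cipher", re.compile(r"^(des|3des|blowfish|idea|cast128)-"), "64-bit block (Sweet32)"),
    ("cipher", re.compile(r"^none$"), "cipher none"),
    ("kex", re.compile(r"^(diffie-hellman|gss)-group1-sha1"), "DH group 1"),
    ("kex", re.compile(r"^rsa1024-?sha1$"), "short RSA key"),
    ("mac", re.compile(r"^umac-32"), "very short MAC"),
]
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "hostkey", "cipher", "cipher", "mac", "mac", "comp", "comp", "lang", "lang"]

def parse_kexinit(payload: bytes):
    """Return [(kind, [names])] from a raw SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, []  # skip message type (1 byte) and cookie (16 bytes)
    for kind in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + n]
        if pos + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated name-list")
        lists.append((kind, raw.decode("ascii").split(",") if raw else []))
        pos += 4 + n
    return lists

def deprecated(payload: bytes):
    """Return sorted unique (kind, name, reason) for each deprecated algorithm offered."""
    return sorted({(kind, name, reason)
                   for kind, names in parse_kexinit(payload) for name in names
                   for rkind, pat, reason in RULES if rkind == kind and pat.search(name)})

def build_kexinit(lists):
    """Hypothetical helper: build a KEXINIT payload (zero cookie) for the sample below."""
    body = b"".join(len(s).to_bytes(4, "big") + s.encode() for s in map(",".join, lists))
    return b"\x14" + bytes(16) + body + b"\x00" + bytes(4)

# Constructed sample offer, not captured from any real server.
SAMPLE = build_kexinit([
    ["curve25519-sha256", "diffie-hellman-group1-sha1"], ["ssh-ed25519"],
    ["aes128-ctr", "3des-cbc", "arcfour128"], ["aes128-ctr", "3des-cbc", "arcfour128"],
    ["hmac-sha2-256", "umac-32"], ["hmac-sha2-256"], ["none"], ["none"], [], [],
])

if __name__ == "__main__":
    for hit in deprecated(SAMPLE):
        print(*hit, sep="\t")
```

The rules are applied per list kind, so `none` in the compression lists is not reported while `none` in a cipher list is.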

0 answers
