SSH configuration not applied on a node; removed ciphers still in use
Applies to
- ONTAP 9
- SSH
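- Ciphers
- Vulnerability
Issue
- The ciphers are not removed from a single node in the HA pair
- The security ssh show output indicates that the ciphers have been removed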
Cluster1::> security ssh show -vserver Cluster1 -instance
Vserver: Cluster1
Key Exchange Algorithms: diffie-hellman-group-exchange-sha256,
ecdh-sha2-nistp256, ecdh-sha2-nistp384,
ecdh-sha2-nistp521
Ciphers: aes256-ctr, aes192-ctr, aes128-ctr, aes128-gcm,
aes256-gcm
MAC Algorithms: hmac-sha2-256, hmac-sha2-256-etm,
hmac-sha2-512, hmac-sha2-512-etm
- However, running nmap from a Linux client shows that SSH is using disallowed ciphers
user:~ $ nmap --script ssh2-enum-algos -Pn x.x.x.x
Starting Nmap 6.40 ( http://nmap.org ) at 2024-02-05 02:00
Nmap scan report for host.localhost.com (x.x.x.x)
Host is up (0.0070s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
| ssh2-enum-algos:
| kex_algorithms (4)
| diffie-hellman-group-exchange-sha256
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| server_host_key_algorithms (1)
| ecdsa-sha2-nistp256
| encryption_algorithms (9)
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-cbc <<<<< Disallowed, unsecure SSH ciphers
| 3des-cbc <<<<<
| aes192-cbc <<<<<
| aes256-cbc <<<<<
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms (4)
| hmac-sha2-256
| hmac-sha2-256-etm@openssh.com
| hmac-sha2-512
| hmac-sha2-512-etm@openssh.com
| compression_algorithms (2)
| none
|_ zlib@openssh.com
111/tcp open rpcbind
443/tcp open https
10000/tcp open snet-sensor-mgmt
30000/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds
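The comparison above can be automated. The following is an added example, not part of the original article: it parses the Ciphers field of the security ssh show output and the encryption_algorithms section of the nmap ssh2-enum-algos output, then lists what the node offers beyond the configuration. The function names are hypothetical, and it assumes ONTAP prints aes128-gcm for the wire name aes128-gcm@openssh.com, as the two outputs on this page suggest.

```python
import re

# Inputs trimmed from the two outputs shown on this page.
SHOW = """\
Ciphers: aes256-ctr, aes192-ctr, aes128-ctr, aes128-gcm,
aes256-gcm
MAC Algorithms: hmac-sha2-256, hmac-sha2-256-etm,
"""
NMAP = """\
| encryption_algorithms (9)
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-cbc <<<<< Disallowed, unsecure SSH ciphers
| 3des-cbc <<<<<
| aes192-cbc <<<<<
| aes256-cbc <<<<<
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| mac_algorithms (4)
"""

def configured(show_text, field):
    """Values of one `security ssh show` field, wrapped lines included."""
    values, active = [], False
    for line in show_text.splitlines():
        if ":" in line:  # a new "Field: value" line starts here
            head, _, line = line.partition(":")
            active = head.strip() == field
        if active:
            values += [v.strip() for v in line.split(",") if v.strip()]
    return values

def offered(nmap_text, section):
    """Algorithm names ssh2-enum-algos lists under one section."""
    values, active = [], False
    for line in nmap_text.splitlines():
        body = line.lstrip("|_ ").strip()
        if re.match(r"\w+:?\s*\(\d+\)$", body):  # e.g. "mac_algorithms (4)"
            active = body.startswith(section)
        elif active and line.startswith("|") and body:
            values.append(body.split()[0])  # drop trailing annotations
    return values

def disallowed(show_text, nmap_text):
    """Ciphers the node offers that the cluster SSH configuration omits."""
    allowed = set(configured(show_text, "Ciphers"))
    # Assumption: ONTAP prints aes128-gcm for wire name aes128-gcm@openssh.com.
    return [c for c in offered(nmap_text, "encryption_algorithms")
            if c.split("@")[0] not in allowed]
```

Because the issue affects a single node of the HA pair, run the scan and the comparison against each node separately; an empty list from disallowed() means that node matches the configuration.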