Vulnerability "SSH Server Public Key Too Small" reported against the admin SVM
Environment
- ONTAP 9
- Qualys scanner
- SSH
Issue
The security scanner flags the following vulnerability on the admin SVM's management interface:
SSH Server Public Key Too Small
QID: 38738
THREAT:
The SSH protocol (Secure Shell) is a method for secure remote login from one computer to another.
The SSH Server is using a small Public Key.
Best practices require that RSA digital signatures be 2048 or more bits long to provide adequate security.
Key lengths of 1024 are acceptable through 2013, but since 2011 they are considered deprecated.
IMPACT:
A man-in-the-middle attacker can exploit this vulnerability to record the communication to decrypt the session key and even the messages.
SOLUTION:
DSA keys and RSA keys shorter than 2048 bits are considered vulnerable. It is recommended to install an RSA public key length of at least 2048 bits
or greater, or to switch to ECDSA or EdDSA.
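To confirm what the scanner saw before changing anything, capture the host key the admin LIF actually presents (for example `ssh-keyscan -t rsa <admin-LIF>`, or `ssh-keygen -lf` on a saved key file, both standard OpenSSH tools) and measure the modulus. The parser below is an added example written for this page, not ONTAP or Qualys code: it decodes an OpenSSH public-key line (wire-format strings and mpints), returns the key type and bit size, and applies the same thresholds the QID 38738 text states (DSA fails, RSA fails below 2048 bits, ECDSA/EdDSA pass). The sample keys it builds are constructed from arbitrary moduli of the right size, not real RSA keys, so they only exercise the size check.

```python
import base64
import struct

# Thresholds from the Qualys finding above: RSA must be >= 2048 bits, DSA is
# treated as vulnerable regardless of size; ECDSA/EdDSA host keys pass.
MIN_RSA_BITS = 2048


def _ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string (uint32 big-endian length + bytes)."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(x: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (leading 0x00 if MSB set)."""
    return _ssh_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))


def _read_string(blob: bytes, off: int):
    """Decode one SSH wire-format string starting at offset `off`."""
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n


def make_rsa_pubkey_line(e: int, n: int) -> str:
    """Build an OpenSSH 'ssh-rsa AAAA...' line from e and n (test data only)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()


def host_key_strength(line: str):
    """Return (key_type, bits) for an OpenSSH public-key line.

    Accepts either 'ssh-rsa AAAA...' or the 'host ssh-rsa AAAA...' form that
    ssh-keyscan prints. Bits is the RSA/DSA modulus size or the curve size.
    """
    parts = line.split()
    if len(parts) >= 3 and not parts[0].startswith(("ssh-", "ecdsa-")):
        parts = parts[1:]  # drop the hostname that ssh-keyscan prefixes
    ktype, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64)
    name, off = _read_string(blob, 0)
    if name.decode() != ktype:
        raise ValueError("key type label does not match key blob")
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent, not needed here
        n, _ = _read_string(blob, off)      # modulus: its length is the key size
        return ktype, int.from_bytes(n, "big").bit_length()
    if ktype == "ssh-dss":
        p, _ = _read_string(blob, off)      # DSA: prime p comes first
        return ktype, int.from_bytes(p, "big").bit_length()
    if ktype.startswith("ecdsa-sha2-nistp"):
        curve, _ = _read_string(blob, off)  # e.g. b"nistp256"
        return ktype, int(curve.decode()[len("nistp"):])
    if ktype == "ssh-ed25519":
        return ktype, 256
    raise ValueError(f"unsupported key type {ktype}")


def qualys_38738_would_flag(line: str) -> bool:
    """True if this host key would trip 'SSH Server Public Key Too Small'."""
    ktype, bits = host_key_strength(line)
    if ktype == "ssh-dss":
        return True
    if ktype == "ssh-rsa":
        return bits < MIN_RSA_BITS
    return False


# Constructed sample keys: arbitrary odd moduli of exactly 1024 and 2048 bits,
# not real RSA keys, so they only exercise the size check.
WEAK_RSA_LINE = make_rsa_pubkey_line(65537, (1 << 1023) | 1)
STRONG_RSA_LINE = make_rsa_pubkey_line(65537, (1 << 2047) | 1)

if __name__ == "__main__":
    for label, line in (("weak", WEAK_RSA_LINE), ("strong", STRONG_RSA_LINE)):
        ktype, bits = host_key_strength(line)
        print(f"{label}: {ktype} {bits} bits, flagged={qualys_38738_would_flag(line)}")
```

Feed a real `ssh-keyscan` line for the admin LIF into `host_key_strength` to see the modulus size; if it reports a 1024-bit RSA key (or any DSA key), the Qualys finding is accurate for that interface, and the fix is a new host key of the sizes or types the SOLUTION text lists.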