SSHD is set up with unsecured ciphers like CBC (see https://www.kb.cert.org/vuls/id/958563). These ciphers should be removed.
There is already a PR filed here: https://github.com/jenkinsci/sshd-module/pull/5. This will also need to be integrated in core, hence this ticket.
trilead ssh MAC and key exchange algorithms severely outdated
sshd-module - PR#5
Ideally it also makes sense to add new ciphers, but it is blocked by JENKINS-33021.
The fix has been integrated into 3.34 as an RFE.
If you consider it a bug fix, please respond.
Code changed in jenkins
User: Oleg Nenashev
JENKINS-39805 - Update SSH module to 1.8 (#2641)
The fix disables some obsolete protocols as per JENKINS-39805 (https://issues.jenkins-ci.org/browse/JENKINS-39805): AES128CBC, TripleDESCBC.Factory(), and BlowfishCBC
All changes: https://github.com/jenkinsci/sshd-module/compare/sshd-1.7...sshd-1.8
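A check for the outcome the commit above describes, as an added example (not code from Jenkins or sshd-module): it parses an SSH_MSG_KEXINIT payload as laid out in RFC 4253 section 7.1 and lists any CBC ciphers still offered. The wire names `aes128-cbc`, `3des-cbc` and `blowfish-cbc` are assumed to correspond to the factories named above, and the payloads come from the hypothetical helper `build_kexinit`, not from a captured session.

```python
# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)
SSH_MSG_KEXINIT = 20


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (packet framing already stripped) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, fields = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in KEXINIT_FIELDS:
        length = int.from_bytes(payload[offset:offset + 4], "big")
        end = offset + 4 + length
        if end > len(payload):  # also catches a cut-off length prefix
            raise ValueError("truncated name-list: " + name)
        raw = payload[offset + 4:end].decode("ascii")
        fields[name] = raw.split(",") if raw else []
        offset = end
    return fields


def cbc_ciphers_offered(payload: bytes) -> list:
    """Return the CBC-mode ciphers offered in either direction, sorted, no repeats."""
    fields = parse_kexinit(payload)
    offered = (fields["encryption_algorithms_client_to_server"]
               + fields["encryption_algorithms_server_to_client"])
    return sorted({c for c in offered if c.endswith("-cbc")})


def build_kexinit(ciphers: list) -> bytes:
    """Hypothetical helper: build a constructed KEXINIT payload (not a capture)."""
    lists = ["diffie-hellman-group14-sha1", "ssh-rsa", ",".join(ciphers),
             ",".join(ciphers), "hmac-sha2-256", "hmac-sha2-256",
             "none", "none", "", ""]
    body = b"".join(len(s).to_bytes(4, "big") + s.encode("ascii") for s in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)


if __name__ == "__main__":
    before = build_kexinit(["aes128-ctr", "aes128-cbc", "3des-cbc", "blowfish-cbc"])
    after = build_kexinit(["aes128-ctr"])
    print("before:", cbc_ciphers_offered(before))
    print("after: ", cbc_ciphers_offered(after))
```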
Oleg Nenashev Daniel Beck Allan BURDAJEWICZ Maybe we should propose to backport it into 2.32.x (as it is a security fix/improvement). WDYT?