> Hi All,
> Yesterday I was performing a system hardening process for a
> RedHat 8 machine that is running OpenSSH 3.4.
>
> When the machine was being probed by the FoundStone program, I got this
> message
>
> <-- Text Quoted from Report
> Description:
> "Algorithms support by SSH2 server were enumerated."
>
> ....
>
> Recommendation
> Examine the list of supported algorithms for compliance with
> institutional security policy.
>
> End of Quoted Text--->
>
> Btw, what does the word "Enumerated" stand for in this kind of
> situation? Does it mean that attackers will be able to discover the
> SSH encryption algorithms and do something on
>
> My apologies if this problem has been posted before or if it has been
> fixed in a later version of SSH. But I have my constraints to stick to
> the existing version.


Chris,

Enumerating the algorithms is a required part of the SSH2 protocol.
This allows the client and server to know which algorithms are
available - since in order to have a conversation the client and
server must both support the cipher.

Examining the list means making sure you've turned off algorithms
that don't meet your personal or company's security policy. For
example, maybe your company allows aes-256, but aes-192 and aes-128
should be turned off.

--Jeff
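
The enumeration described in the reply above is the SSH_MSG_KEXINIT message that each side sends unencrypted at the start of an SSH2 connection (RFC 4253, section 7.1). As an added example that is not part of the original thread, the Python code below decodes the name-lists from such a payload and reports the offered ciphers that fall outside an allowlist. The payload is constructed for illustration, the function names are hypothetical, and the allowlist containing only `aes256-cbc` is an assumption standing in for the policy in the reply's example.

```python
import struct

# Field order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
KEXINIT_FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]
SSH_MSG_KEXINIT = 20


def parse_kexinit(payload: bytes) -> dict:
    """Decode the name-lists from an unencrypted SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip the message type byte and 16-byte cookie
    for field in KEXINIT_FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("name-list runs past end of payload")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists


def policy_violations(lists: dict, allowed_ciphers: set) -> list:
    """Return offered ciphers (either direction) that the policy does not allow."""
    offered = lists["encryption_client_to_server"] + lists["encryption_server_to_client"]
    return sorted(set(offered) - allowed_ciphers)


def build_sample_kexinit() -> bytes:
    """Constructed sample payload (not a capture) with lists an older server might send."""
    ciphers = "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
    values = ["diffie-hellman-group1-sha1", "ssh-rsa,ssh-dss", ciphers, ciphers,
              "hmac-md5,hmac-sha1", "hmac-md5,hmac-sha1", "none,zlib", "none,zlib", "", ""]
    body = b"".join(struct.pack(">I", len(v)) + v.encode("ascii") for v in values)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)


if __name__ == "__main__":
    offered = parse_kexinit(build_sample_kexinit())
    print("disallowed ciphers:", policy_violations(offered, {"aes256-cbc"}))
```

An empty result from `policy_violations` means every cipher the server advertises is on the allowlist; anything it returns is a candidate for removal from the server's configured cipher list.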