Share via

How to disable weak cipher protocols and keys from ssh on azure devops server

Porfyriadis, Nikolaos (ADV D EU CZ AE ED 2) 1 Reputation point
2024-02-01T13:57:41.59+00:00

Dear Sir or Madam I wan to ask you how to disable weak cipher protocols and keys from Azure DevOps server. Especially those host key ssh-rsa cipher aes256-cbc cipher aes192-cbc cipher aes128-cbc thank you

Windows for business Windows Server Devices and deployment Configure application groups
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Michael Taylor 60,161 Reputation points
    2024-02-01T15:55:24.59+00:00

    Normally to disable weak ciphers on a Windows server you just run IISCrypto and disable the protocols that you don't want. Reboot the machine and they are no longer available.

    You should google for the recommended ones to disable as the landscape changes. Many protocols have been identified as weak so you should disable them. But note that you may have a special case need to leave some enabled if you are talking to a legacy system. That shouldn't be an issue for a DevOps server though.

    0 comments
  2. Porfyriadis, Nikolaos (ADV D EU CZ AE ED 2) 1 Reputation point
    2024-02-01T16:01:02.6566667+00:00

    Hello thank you for your answer. I tried IIS Crypto already but those protocols are not included in the list. On the other hand they are there if you try with powershell User's image

    User's image

    Any ideas?

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.