I recently ran ssh-audit (v3.1.0, https://github.com/jtesta/ssh-audit) against a 14-day-old openwrt snapshot. ssh-audit flagged a few items. Unlike openssh, I can't find a runtime way of disabling these flagged algorithms. It appears that the only way to disable the methods is to recompile with some ifdefs turned off. Effectively users are stuck with whatever choices openwrt is delivered with. Would it be a good idea to err on the side of safety and turn off any of the items flagged with "fail" or "warn"?
$ ssh-audit -v
# ssh-audit v3.1.0, https://github.com/jtesta/ssh-audit
$ ssh-audit gw
# general
(gen) banner: SSH-2.0-dropbear
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: disabled
# key exchange algorithms
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
`- [info] default key exchange since OpenSSH 6.4
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
`- [info] default key exchange since OpenSSH 6.4
(kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
`- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) kexguess2@matt.ucc.asn.au -- [info] available since Dropbear SSH 2013.57
(kex) kex-strict-s-v00@openssh.com -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795)
# host-key algorithms
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
(key) rsa-sha2-256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
`- [info] available since OpenSSH 7.2
(key) ssh-rsa (2048-bit) -- [fail] using broken SHA-1 hash algorithm
`- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
`- [info] default cipher since OpenSSH 6.9
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
# message authentication code algorithms
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
# fingerprints
(fin) ssh-ed25519: SHA256:WfPl3LswLjrXcKmVSsXf2YyQaxUW5WftImJ0oJPeZls
(fin) ssh-rsa: SHA256:M9Fq6c3GstZR5VtyLKSXYi9qr47W7oo1NaXr2+3qGTA
# additional info
(nfo) Be aware that, while this target properly supports the strict key exchange method (via the kex-strict-?-v00@openssh.com marker) needed to protect against the Terrapin vulnerability (CVE-2023-48795), all peers must also support this feature as well, otherwise the vulnerability will still be present. The following algorithms would allow an unpatched peer to create vulnerable SSH channels with this target: chacha20-poly1305@openssh.com. If any CBC ciphers are in this list, you may remove them while leaving the *-etm@openssh.com MACs in place; these MACs are fine while paired with non-CBC cipher types.
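Since the server side cannot be changed without a rebuild, the one knob still available is the client: an OpenSSH client can refuse to negotiate the flagged algorithms through KexAlgorithms, HostKeyAlgorithms, Ciphers and MACs. The script below is an added example, not part of the original post or of ssh-audit itself. It parses the text report format shown above (a copy of those lines is embedded as the constructed sample), works out each algorithm's worst rating, and renders a ~/.ssh/config stanza that keeps only algorithms below a chosen threshold. The function names (parse_report, plan, render_ssh_config) and the threshold behaviour are this example's own choices, as is the decision to skip kex-strict-* and kexguess2 (a strict-kex marker and a Dropbear-only extension that an OpenSSH client cannot list).

```python
"""Turn an ssh-audit text report into client-side OpenSSH algorithm restrictions."""
import re

# Constructed sample: the algorithm lines from the ssh-audit report above.
SAMPLE_REPORT = """\
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
`- [info] default key exchange since OpenSSH 6.4
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
`- [info] default key exchange since OpenSSH 6.4
(kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
`- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) kexguess2@matt.ucc.asn.au -- [info] available since Dropbear SSH 2013.57
(kex) kex-strict-s-v00@openssh.com -- [info] pseudo-algorithm for strict key exchange (CVE-2023-48795)
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
(key) rsa-sha2-256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
`- [info] available since OpenSSH 7.2
(key) ssh-rsa (2048-bit) -- [fail] using broken SHA-1 hash algorithm
`- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
`- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
`- [info] default cipher since OpenSSH 6.9
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
"""

LEVELS = {"info": 0, "warn": 1, "fail": 2}

# ssh-audit category -> OpenSSH client option that restricts it.
OPTION_FOR = {"kex": "KexAlgorithms", "key": "HostKeyAlgorithms",
              "enc": "Ciphers", "mac": "MACs"}

# Names that must never be written into an OpenSSH client option (assumption of
# this example): the strict-kex marker and Dropbear's kexguess2 extension.
NOT_CLIENT_SELECTABLE = ("kex-strict-", "kexguess2@")

# "(key) ssh-rsa (2048-bit) -- [fail] using broken SHA-1 hash algorithm"
ALG_RE = re.compile(
    r"^\((kex|key|enc|mac)\) (\S+)(?: \([^)]*\))? -- \[(info|warn|fail)\] (.*)$")
# "`- [warn] 2048-bit modulus only provides 112-bits of symmetric strength"
NOTE_RE = re.compile(r"^`- \[(info|warn|fail)\] (.*)$")


def parse_report(text):
    """Return one dict per algorithm: category, name, worst level, and all notes.

    Continuation lines (`- [...]) are attached to the most recent algorithm and
    can raise its worst level, e.g. a [warn] note under an [info] line.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ALG_RE.match(line)
        if m:
            cat, name, level, msg = m.groups()
            entries.append({"cat": cat, "name": name, "level": level,
                            "notes": [(level, msg)]})
            continue
        n = NOTE_RE.match(line)
        if n and entries:
            level, msg = n.groups()
            entries[-1]["notes"].append((level, msg))
            if LEVELS[level] > LEVELS[entries[-1]["level"]]:
                entries[-1]["level"] = level
    return entries


def plan(text, drop_at="fail"):
    """Split algorithms into kept/dropped per category.

    An algorithm is dropped when its worst rating is at or above drop_at, so
    drop_at="warn" removes both [warn] and [fail] items.
    """
    kept = {cat: [] for cat in OPTION_FOR}
    dropped = {cat: [] for cat in OPTION_FOR}
    for e in parse_report(text):
        if e["name"].startswith(NOT_CLIENT_SELECTABLE):
            continue
        target = dropped if LEVELS[e["level"]] >= LEVELS[drop_at] else kept
        target[e["cat"]].append(e["name"])
    return kept, dropped


def render_ssh_config(host, kept):
    """Render a ~/.ssh/config stanza pinning the kept algorithms.

    A category with no survivors is left unrestricted (with a comment) because
    an empty algorithm list is a configuration error in OpenSSH.
    """
    lines = ["Host %s" % host]
    for cat, option in OPTION_FOR.items():
        if kept[cat]:
            lines.append("    %s %s" % (option, ",".join(kept[cat])))
        else:
            lines.append("    # %s: nothing acceptable at this threshold; left unrestricted" % option)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for threshold in ("fail", "warn"):
        kept, dropped = plan(SAMPLE_REPORT, drop_at=threshold)
        print("# drop_at=%s, dropped: %s" % (threshold, dropped))
        print(render_ssh_config("gw", kept))
```

Running it with drop_at="warn" against this report shows the catch in "turn off everything flagged": hmac-sha2-256 is the only MAC the target offers, so dropping every [warn] item leaves no MAC to pin. That is harmless as long as the negotiated cipher is chacha20-poly1305@openssh.com (an AEAD cipher, for which the negotiated MAC is not used), but a client restricted to aes128-ctr or aes256-ctr would then have nothing to authenticate packets with. Treat [fail] as a hard drop and review each [warn] against what the other side can still negotiate.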