Allow disabling of weak SSH key exchange algorithms
PCI Compliance now regards weak ssh key exchange algorithms as a liability. There should be a way to disable them. It's fairly easy to set up in open-ssh: https://infosec.mozilla.org/guidelines/openssh#Configuration
John Michael commented
Awesome write-up, your websites are really good. I appreciate your work.
Chris Dart commented
Specifically the disabling of MAC-based algorithms is recommended