remove sha1 key-exchange mechanisms from default

Move diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1 to 'weak' KEX mechanisms.

References:
* https://stribika.github.io/2015/01/04/secure-secure-shell.html
* #64

Signed-off-by: Dominik Richter <[email protected]>

Author: arlimus

libraries/get_ssh_kex.rb

@@ -27,12 +27,12 @@ def self.get_kexs(node, weak_kex)
         weak_kex = weak_kex ? 'weak' : 'default'
 
         kex_59 = {}
-        kex_59.default = 'diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1'
-        kex_59['weak'] = kex_59['default'] + ',diffie-hellman-group1-sha1'
+        kex_59.default = 'diffie-hellman-group-exchange-sha256'
+        kex_59['weak'] = kex_59['default'] + ',diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
 
         kex_66 = {}
-        kex_66.default = '[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1'
-        kex_66['weak'] = kex_66['default'] + ',diffie-hellman-group1-sha1'
+        kex_66.default = '[email protected],diffie-hellman-group-exchange-sha256'
+        kex_66['weak'] = kex_66['default'] + ',diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
 
         # determine the kex for the operating system
         kex = kex_59