Which ones aren't secure by default? When you install a new OS like Debian, those defaults will be correctly set (and depending on your organization, you may change some settings around to fit your needs).
However, if you customized your config, e.g. in Debian 6, and updated to 11, you may wanna revisit those settings and change them.
Not really SSH, but Kerberos on many distros allows extremely weak ciphers by default. And when I say weak, I mean these should have been disabled a decade ago. On Ubuntu 20.04 with the default setup, keytabs using DES are allowed...
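Added example, not written by any poster in this thread: a small Python audit that reads a keytab listing in the layout printed by `klist -ke` and reports keys using single-DES or other weak or deprecated enctypes, as a check for the situation the comment above describes. The sample listing, host names and realm are constructed, and the weak/deprecated grouping follows the MIT krb5 enctype documentation.

```python
import re

# Single-DES and export-grade RC4: classified as weak by MIT krb5.
WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des-cbc-raw",
        "des-hmac-sha1", "arcfour-hmac-exp"}
# Still accepted by many deployments but marked deprecated upstream.
DEPRECATED = {"des3-cbc-sha1", "arcfour-hmac"}

# One entry line: "<kvno> <principal> (<enctype>)". Some klist builds
# prefix the enctype with "DEPRECATED:", so that prefix is optional here.
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((?:DEPRECATED:)?([^)]+)\)\s*$")

# Constructed sample in the layout of `klist -ke` output (not real data).
SAMPLE = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/app01.example.test@EXAMPLE.TEST (aes256-cts-hmac-sha1-96)
   3 host/app01.example.test@EXAMPLE.TEST (des-cbc-crc)
   2 HTTP/app01.example.test@EXAMPLE.TEST (DEPRECATED:arcfour-hmac)
   2 HTTP/app01.example.test@EXAMPLE.TEST (aes128-cts-hmac-sha1-96)
"""

def audit_keytab_listing(text):
    """Return (kvno, principal, enctype, severity) for each risky key."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, separator or blank line
        kvno = int(m.group(1))
        principal = m.group(2)
        enctype = m.group(3).strip().lower()
        if enctype in WEAK:
            findings.append((kvno, principal, enctype, "weak"))
        elif enctype in DEPRECATED:
            findings.append((kvno, principal, enctype, "deprecated"))
    return findings

if __name__ == "__main__":
    for kvno, principal, enctype, severity in audit_keytab_listing(SAMPLE):
        print(f"{severity:10} kvno={kvno} {principal} {enctype}")
```

To audit a real host, pass the captured output of `klist -ke` on the keytab to `audit_keytab_listing` instead of `SAMPLE`; listings taken with the timestamp option add columns this pattern does not parse.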
Not sure about that, but from my understanding that's because with Kerberos the encryption level doesn't matter as much, because cracking DES from such a small amount of bytes still shouldn't be feasible.