How do I change the SSH Console Ciphers on a ProxySG?
search cancel

How do I change the SSH Console Ciphers on a ProxySG?


Article ID: 166001


Updated On:


Data Center Security Monitoring Edition ProxySG Software - SGOS


Is there a way for changing the SSH Console ciphers on a ProxySG?


If you want to change the available ciphers or their order for accessing the SSH management console, connect via SSH (or serial console) and run the following commands:

conf t
view ciphers

That will show you the current, default and available ciphers, for example (this is from SGOS
current:      aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
default:      aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
choices:      aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]

In order to remove a cipher (for example arcfour):
ciphers remove arcfour

To add a cipher (again arcfour as the example):
ciphers add arcfour 13

The 13 in this context puts arcfour into the 13. position in the current list. If you leave out the ordinal, it will be added to the end of the list. You can then use "ciphers promote arcfour" or "ciphers demote arcfour" to move it up or down the list in single steps.