Manage SSH ciphers and HMAC algorithms CLI commands for the ProxySG appliance
search cancel

Manage SSH ciphers and HMAC algorithms CLI commands for the ProxySG appliance

book

Article ID: 168895

calendar_today

Updated On: 10-03-2023

Products

ProxySG Software - SGOS

Issue/Introduction

Manage SSH ciphers and HMAC algorithms CLI commands for the ProxySG appliance

Environment

SGOS versions 6.5.x and 6.2.x
SGOS 6.6.3.2

Resolution

In SGOS versions 6.5.x and 6.2.x, you cannot make changes to SSH ciphers and HMAC algorithms. In SGOS 6.6.3.2, two commands were introduced to allow you to manage these ciphers and algorithms.

To manage SSH ciphers, from configure mode, type:
#(config)ssh-console
#(config ssh-console)ciphers

To manage HMAC algorithms, from configure mode, type:
#(config)ssh-console
#(config ssh-console)hmacs

SSH cipher and HMACs support is updated when the appliance is in FIPS mode:

  • AES-CBC ciphers (aes128-cbc and aes256-cbc) are unsupported.
  • AES-GCM ciphers (aes128-gcm@openssh.com and aes256-gcm@openssh.com) are supported.
  • hmac-sha1-96 is unsupported.
  • hmac-sha2-256 and hmac-sha2-512 are supported.
Powered by Wolken Software