ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Manage SSH ciphers and HMAC algorithms CLI commands for the ProxySG appliance
Article ID: 168895
Updated On:
Products
Data Center Security Monitoring Edition
ProxySG Software - SGOS
Issue/Introduction
In SGOS versions 6.5.x and 6.2.x, you cannot make changes to SSH ciphers and HMAC algorithms. In SGOS 6.6.3.2, two commands were introduced to allow you to manage these ciphers and algorithms.
To manage SSH ciphers, from configure mode, type:
#(config)ssh-console
#(config ssh-console)ciphers
To manage HMAC algorithms, from configure mode, type:
#(config)ssh-console
#(config ssh-console)hmacs
SSH cipher and HMACs support is updated when the appliance is in FIPS mode:
To manage SSH ciphers, from configure mode, type:
#(config)ssh-console
#(config ssh-console)ciphers
To manage HMAC algorithms, from configure mode, type:
#(config)ssh-console
#(config ssh-console)hmacs
SSH cipher and HMACs support is updated when the appliance is in FIPS mode:
- AES-CBC ciphers (aes128-cbc and aes256-cbc) are unsupported.
- AES-GCM ciphers ([email protected] and [email protected]) are supported.
- hmac-sha1-96 is unsupported.
- hmac-sha2-256 and hmac-sha2-512 are supported.
Feedback
Yes
No
Powered by
