The information in this article applies to SGOS versions 220.127.116.11 and later.
Sometimes there might be an SSH vulnerability reported in the ProxySG appliance's SSH console. To ensure the appliance is not vulnerable to SSH vulnerabilities, change the SSH console ciphers or disable weak SSH HMAC algorithms.
To change the SSH console ciphers using CLI commands, type:
#(config ssh-console)ciphers ?
add Add SSH cipher
demote Demote SSH cipher in list
promote Promote SSH cipher in list
remove Remove SSH cipher
reset Reset SSH cipher list to default
set Set list of SSH ciphers
view View SSH cipher information
To change the SSH HMAC algorithms using CLI commands, type:
#(config ssh-console)hmacs ?
add Add SSH HMAC
demote Demote SSH HMAC in list
promote Promote SSH HMAC in list
remove Remove SSH HMAC
reset Reset SSH HMAC list to default
set Set list of SSH HMACs
view View SSH HMAC information
For further information on changing SSH ciphers or HMAC algorithms, refer to the ProxySG FIPS Mode WebGuide and Command Line Interface Reference.