The information in this article applies to SGOS versions 6.6.3.2 and later.

Sometimes there might be an SSH vulnerability reported in the ProxySG appliance's SSH console. To ensure the appliance is not vulnerable to SSH vulnerabilities, change the SSH console ciphers or disable weak SSH HMAC algorithms.

To change the SSH console ciphers using CLI commands, type: 
>en
#conf t
#(config)ssh-console
#(config ssh-console)ciphers ?
add            Add SSH cipher
demote         Demote SSH cipher in list
promote        Promote SSH cipher in list
remove         Remove SSH cipher
reset          Reset SSH cipher list to default
set            Set list of SSH ciphers
view           View SSH cipher information

To change the SSH HMAC algorithms using CLI commands, type:
>en
#conf t
#(config)ssh-console
#(config ssh-console)hmacs ?
add            Add SSH HMAC
demote         Demote SSH HMAC in list
promote        Promote SSH HMAC in list
remove         Remove SSH HMAC
reset          Reset SSH HMAC list to default
set            Set list of SSH HMACs
view           View SSH HMAC information

For further information on changing SSH ciphers or HMAC algorithms, refer to the ProxySG FIPS Mode WebGuide and Command Line Interface Reference.