How do I change the SSH Console ciphers in SGOS 6.6?
book
Article ID: 168906
calendar_today
Updated On:
Products
Asset Management SolutionData Center Security Monitoring EditionProxySG Software - SGOS
Issue/Introduction
The information in this article applies to SGOS versions 6.6.3.2 and later.
Sometimes there might be an SSH vulnerability reported in the ProxySG appliance's SSH console. To ensure the appliance is not vulnerable to SSH vulnerabilities, change the SSH console ciphers or disable weak SSH HMAC algorithms.
To change the SSH console ciphers using CLI commands, type: >en #conf t #(config)ssh-console #(config ssh-console)ciphers ? add Add SSH cipher demote Demote SSH cipher in list promote Promote SSH cipher in list remove Remove SSH cipher reset Reset SSH cipher list to default set Set list of SSH ciphers view View SSH cipher information
To change the SSH HMAC algorithms using CLI commands, type: >en #conf t #(config)ssh-console #(config ssh-console)hmacs ? add Add SSH HMAC demote Demote SSH HMAC in list promote Promote SSH HMAC in list remove Remove SSH HMAC reset Reset SSH HMAC list to default set Set list of SSH HMACs view View SSH HMAC information
For further information on changing SSH ciphers or HMAC algorithms, refer to the ProxySG FIPS Mode WebGuide and Command Line Interface Reference.