How to verify and remove SSH key exchange and hmacs on Proxy.

Article ID: 278761

Products

ISG Proxy ProxySG Software - SGOS

Issue/Introduction

Vulnerabilities are detected on the Proxy for the SSH key exchange algorithms and HMACs that it offers.

For example, the key exchange algorithm "diffie-hellman-group14-sha" and the HMAC "[email protected]".

A packet capture shows that the proxy did offer the key exchange algorithm and the HMAC.

The "diffie-hellman-group14-sha" entry is shown under the proxy's SSH "kex_algorithms".

The "[email protected]" entry is shown under the proxy's "mac_algorithms_server_to_client".

Resolution

First, view the existing key exchange algorithms offered by the proxy.

#(config ssh-console) kex-algs view

Then remove the key exchange algorithm (e.g., diffie-hellman-group14-sha).

#(config ssh-console) kex-algs remove diffie-hellman-group14-sha

For the hmac:

#(config ssh-console) hmacs view

#(config ssh-console) hmacs remove [email protected]
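
To confirm the removal, take a new packet capture and check the same "kex_algorithms" and "mac_algorithms_server_to_client" fields in the proxy's SSH_MSG_KEXINIT. The Python below is an added example, not Broadcom code: it parses a KEXINIT payload (RFC 4253 layout, assumed to start at the message-type byte 0x14) and reports any removed algorithm that is still offered. The function names, the sample offers and PLACEHOLDER-HMAC are constructed for illustration.

```python
SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload that starts at the message-type byte (0x14)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, offered = 17, {}  # skip 1-byte type + 16-byte cookie
    for field in KEXINIT_FIELDS:
        length = int.from_bytes(payload[offset:offset + 4], "big")  # uint32 prefix
        end = offset + 4 + length
        if end > len(payload):  # also catches a cut-off length prefix
            raise ValueError(f"truncated at {field}")
        raw = payload[offset + 4:end].decode("ascii")
        offered[field] = raw.split(",") if raw else []
        offset = end
    return offered

def still_offered(offered: dict, removed: dict) -> dict:
    """Per field, list algorithms that were removed on the proxy but still appear."""
    hits = {f: [a for a in offered.get(f, []) if a in names] for f, names in removed.items()}
    return {f: found for f, found in hits.items() if found}

def build_sample_kexinit(lists: dict) -> bytes:
    """Constructed sample input: encode name-lists the way a server sends them."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # all-zero cookie
    for field in KEXINIT_FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        out += len(data).to_bytes(4, "big") + data
    return out + bytes(5)  # first_kex_packet_follows (1 byte) + reserved uint32

# Constructed offers; PLACEHOLDER-HMAC stands in for the HMAC name removed on the proxy.
REMOVED = {"kex_algorithms": {"diffie-hellman-group14-sha"},
           "mac_algorithms_server_to_client": {"PLACEHOLDER-HMAC"}}
BEFORE = build_sample_kexinit({
    "kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha"],
    "mac_algorithms_server_to_client": ["hmac-sha2-256", "PLACEHOLDER-HMAC"]})
AFTER = build_sample_kexinit({"kex_algorithms": ["curve25519-sha256"],
                              "mac_algorithms_server_to_client": ["hmac-sha2-256"]})
if __name__ == "__main__":
    print("before:", still_offered(parse_kexinit(BEFORE), REMOVED))
    print("after: ", still_offered(parse_kexinit(AFTER), REMOVED))
```

An empty result for the capture taken after the change means the proxy no longer advertises the removed entries.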