A remote SSH server is configured to allow key exchange algorithms which are considered weak. This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 gss-gex-sha1-* gss-group1-sha1-* gss-group14-sha1-*
How can the ciphers be disabled from the appliance, considering that the current version installed is 4.5.6.1-262238, on SV800-250M-C .
SV-1800/SV-3800
To disable ciphers in the SSL Visibility appliance, you will first have to upgrade to version 4.5.11.1 or above,
Enter the elevated privilege mode, known as enable mode. You will be prompted to enter the enable password.
Syntax:
> enable
Notes:
When enable mode is turned on, the prompt changes from > to #,
To return to standard mode, use the disable command.
Note: The "ssh-console" command may not exist in SSLV the lower versions, like 4.5.6.x.