How to view and remove the currently used HMACs/Ciphers/Key exchange algorithms for Management Center
Article ID: 378556

Updated On:

Products

Management Center - VA Management Center

Issue/Introduction

This KB article describes how to view and remove the HMACs, ciphers, and key exchange algorithms used by the Management Center from the CLI.

Resolution

To view the HMACs, ciphers, and key exchange algorithms currently in use:

  • Connect to the CLI over SSH and display the current settings, as shown below:
MgmtCtr#
MgmtCtr# configure t
Enter configuration commands, one per line. End with CNTL/Z.
MgmtCtr(config)#
MgmtCtr(config)#
MgmtCtr(config)# ssh
MgmtCtr(config-ssh-console)# view
Ciphers:
[email protected], [email protected], [email protected], aes128-ctr, aes192-ctr, aes256-ctr

HMACs:
[email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1

Key exchange algorithms:
curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1

Public key authentication:   Enabled

Host key:
ssh-rsa AAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==

 

 

  • To remove undesired HMACs, ciphers, and key exchange algorithms, follow the example below.

    For example, to remove the undesired hmac-sha1 from the HMACs, [email protected] from the ciphers, and diffie-hellman-group-exchange-sha1 from the key exchange algorithms:
MgmtCtr# configure t
MgmtCtr(config)# ssh
MgmtCtr(config-ssh-console)# view
MgmtCtr(config-ssh-console)# hmac
MgmtCtr(config-hmacs)#
MgmtCtr(config-hmacs)# view
[email protected] [email protected] [email protected] hmac-sha2-256 hmac-sha2-512 hmac-sha1
MgmtCtr(config-hmacs)#
MgmtCtr(config-hmacs)# ?
Possible completions:
  add       Add HMACs to the HMAC list
  demote    Demote a HMAC within the HMAC list
  promote   Promote a HMAC within the HMAC list
  remove    Remove HMACs from the HMAC list
  reset     Reset the HMAC list to the default value
  set       Set the list of HMACs to be used
  view      View the HMAC list
  ---
  exit      Exit from current mode
  help      Provide help information
  no        Negate a command or set its defaults
MgmtCtr(config-hmacs)# remove
Value for '' (list): hmac-sha1
  ok
MgmtCtr(config-ssh-console)# ?
Possible completions:
  ciphers                     Configure the ciphers for the SSH console
  delete                      Delete a key for a user
  generate                    Regenerate the keypair for SSH host verification
  hmacs                       Configure the HMACs for the SSH console
  inline                      Import a key for a user
  key-exchange-algorithms     Configure the key exchange algorithms for the SSH console
  public-key-authentication   Enable or disable public key authentication
  view                        View the SSH console configuration
  ---
  exit                        Exit from current mode
  help                        Provide help information
  no                          Negate a command or set its defaults
MgmtCtr(config-ssh-console)#


MgmtCtr(config-ssh-console)# view
Ciphers:
[email protected], [email protected], [email protected], aes128-ctr, aes192-ctr, aes256-ctr

HMACs:
[email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512

Key exchange algorithms:
curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1

Public key authentication:   Enabled

Host key:
ssh-rsa AAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
Client keys:
None

MgmtCtr(config-ciphers)# ?
Possible completions:
  add       Add ciphers to the cipher list
  demote    Demote a cipher within the cipher list
  promote   Promote a cipher within the cipher list
  remove    Remove ciphers from the cipher list
  reset     Reset the cipher list to the default value
  set       Set the list of ciphers to be used
  view      View the cipher list
  ---
  exit      Exit from current mode
  help      Provide help information
  no        Negate a command or set its defaults
MgmtCtr(config-ciphers)# remove [email protected]
  ok
MgmtCtr(config-ciphers)#
MgmtCtr(config-ciphers)# exit
MgmtCtr(config-ssh-console)# ?
Possible completions:
  ciphers                     Configure the ciphers for the SSH console
  delete                      Delete a key for a user
  generate                    Regenerate the keypair for SSH host verification
  hmacs                       Configure the HMACs for the SSH console
  inline                      Import a key for a user
  key-exchange-algorithms     Configure the key exchange algorithms for the SSH console
  public-key-authentication   Enable or disable public key authentication
  view                        View the SSH console configuration
  ---
  exit                        Exit from current mode
  help                        Provide help information
  no                          Negate a command or set its defaults
MgmtCtr(config-ssh-console)# key-exchange-algorithms
MgmtCtr(config-key-exchange-algorithms)# remove diffie-hellman-group-exchange-sha1
  ok
MgmtCtr(config-key-exchange-algorithms)#
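
To check a saved copy of the `view` output before and after the change, the following added example (not part of the original article or the product) parses the three algorithm lists and prints the submode and `remove` lines for anything matching a deny pattern. The pattern, the sample text and the function names are assumptions made for illustration; adjust the pattern to your own policy.

```python
import re

# Section header in the `view` output -> CLI submode listed in the article's help text.
SECTIONS = {
    "Ciphers": "ciphers",
    "HMACs": "hmacs",
    "Key exchange algorithms": "key-exchange-algorithms",
}
# Assumed example policy (not vendor guidance): SHA-1, MD5, CBC, RC4 and 3DES names.
WEAK = re.compile(r"sha1|md5|-cbc|arcfour|3des")

# Constructed sample in the layout of the `view` output shown in the article.
SAMPLE_VIEW = """\
Ciphers:
aes128-ctr, aes192-ctr, aes256-ctr

HMACs:
hmac-sha2-256, hmac-sha2-512, hmac-sha1

Key exchange algorithms:
curve25519-sha256, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1

Public key authentication:   Enabled
"""

def parse_view(text):
    """Return {section header: [algorithm, ...]} for the three algorithm lists."""
    lists, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends the section
        elif line.endswith(":") and line[:-1] in SECTIONS:
            current = line[:-1]
            lists[current] = []
        elif current:
            lists[current] = [a for a in re.split(r"[,\s]+", line) if a]
            current = None
    return lists

def removal_commands(text):
    """List the submode, `remove` and `exit` lines for every flagged algorithm."""
    cmds = []
    for section, algs in parse_view(text).items():
        weak = [a for a in algs if WEAK.search(a)]
        if weak:
            cmds += [SECTIONS[section], *(f"remove {a}" for a in weak), "exit"]
    return cmds

if __name__ == "__main__":
    print("\n".join(removal_commands(SAMPLE_VIEW)) or "nothing flagged")
```

With this pattern, diffie-hellman-group14-sha1 is also reported; the article's example removes only diffie-hellman-group-exchange-sha1, so that entry remains in the list after the steps above.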