Remove SHA1 from SSH service in VMware Aria Operations for logs

Article ID: 413124

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

To meet security policies, the SHA1 algorithm can be safely removed from the SSH service in VMware Aria Operations for logs.

Starting the SSH service fails with the error: Failed to start OpenSSH Daemon

The error message shows: Bad SSH2 mac spec '[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,#hmac-sha1,#[email protected]'

Environment

VMware Aria Operations for logs 8.18.x

Resolution

To remove the SHA1 based algorithms and SSH-RSA based keys usage from the SSH service, follow the steps below for your version of VMware Aria Operations for logs.

Note: Please take snapshots of all nodes before proceeding.

  1. Log into the Primary node as root via SSH or Console.
  2. Run the following command to backup the /etc/ssh/sshd_config file:

     cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

  3. Run the following command to open /etc/ssh/sshd_config in a text editor:

     vi /etc/ssh/sshd_config

  4. Press i to enter insert mode.
  5. Find the MACs line and modify it to match the following:

     MACs "[email protected],[email protected],hmac-sha2-512,hmac-sha2-256"

  6. Press Esc, then type :wq and press Enter to save and close the file.
  7. Run the following command to restart the sshd service:

     systemctl restart sshd

  8. Repeat steps 1-7 on all other VMware Aria Operations for logs nodes.
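
An added example (not part of the original article or any VMware tooling): a POSIX shell function that audits the MACs line of an sshd_config-style file for SHA1-based MACs and for '#'-prefixed tokens left inside the list, as seen in the Bad SSH2 mac spec error quoted above. The helper name check_macs and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the MACs directive in an sshd_config-style file.
# check_macs is a hypothetical helper name, not a VMware or OpenSSH tool.
# Prints one finding per line; returns 0 when the list is clean, 1 otherwise.
check_macs() {
    # sshd uses the first occurrence of a keyword; commented-out lines are skipped.
    line=$(grep -iE '^[[:space:]]*MACs[[:space:]]' "$1" | head -n 1)
    if [ -z "$line" ]; then
        echo "no-macs-directive"   # sshd falls back to its built-in default list
        return 1
    fi
    # Drop the keyword, optional quotes and trailing whitespace.
    list=$(printf '%s\n' "$line" |
        sed -E 's/^[[:space:]]*[Mm][Aa][Cc][Ss][[:space:]]+//; s/"//g; s/[[:space:]]+$//')
    rc=0
    old_ifs=$IFS
    IFS=,
    for mac in $list; do
        case $mac in
            \#*)    echo "invalid-token:$mac"; rc=1 ;;  # '#' is not a comment inside the list
            *sha1*) echo "sha1-mac:$mac"; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# Constructed sample files (not copied from a real appliance).
demo_dir=$(mktemp -d)
printf 'Port 22\nMACs "hmac-sha2-512,hmac-sha2-256,#hmac-sha1"\n' > "$demo_dir/broken"
printf 'Port 22\nMACs hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com\n' > "$demo_dir/weak"
printf 'Port 22\nMACs "hmac-sha2-512,hmac-sha2-256"\n' > "$demo_dir/clean"
for name in broken weak clean; do
    echo "== $name"
    if check_macs "$demo_dir/$name"; then echo "ok"; fi
done
rm -rf "$demo_dir"
```

Running `sshd -t` after editing checks the whole configuration file for errors before the service is restarted.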