Messaging Gateway (SMG) v10.6.1 and prior are configured with a default list of ssh MAC algorithms including MD5 and SHA1. These algorithms are no longer considered to be secure for message authentication codes.
Messaging Gateway 10.5
Messaging Gateway 10.6
With SMG 10.6.2, the restricted list of MAC algorithms is enabled by default for new installations.
Upgrades do not modify the configured list of MAC algorithms. To restrict the list of ssh MACs for upgraded systems, the
sshd-config command will need to be run from the command line interface (CLI) on all SMG hosts.
The list of ssh MACs can be limited using the sshd-config command as follows:
smg> sshd-config --mac on
smg> sshd-config -v
Requires protocol version 2
Support for CBC ciphers is ENABLED
Support for limited MACs (hmac-sha2-256,hmac-sha2-512) is ENABLED
Subscribing will provide email updates when this Article is updated. Login is required.