The information in this article applies to SGOS versions 18.104.22.168 and later.
An SSH vulnerability is sometimes reported against the ProxySG appliance's SSH console. To ensure the appliance is not exposed to such vulnerabilities, change the SSH console ciphers or disable weak SSH HMAC algorithms.
To change the SSH console ciphers using CLI commands, type:
>en
#conf t
#(config)ssh-console
#(config ssh-console)ciphers ?
  add      Add SSH cipher
  demote   Demote SSH cipher in list
  promote  Promote SSH cipher in list
  remove   Remove SSH cipher
  reset    Reset SSH cipher list to default
  set      Set list of SSH ciphers
  view     View SSH cipher information
To change the SSH HMAC algorithms using CLI commands, type:
>en
#conf t
#(config)ssh-console
#(config ssh-console)hmacs ?
  add      Add SSH HMAC
  demote   Demote SSH HMAC in list
  promote  Promote SSH HMAC in list
  remove   Remove SSH HMAC
  reset    Reset SSH HMAC list to default
  set      Set list of SSH HMACs
  view     View SSH HMAC information
For further information on changing SSH ciphers or HMAC algorithms, refer to the ProxySG FIPS Mode WebGuide and Command Line Interface Reference.
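One way to verify the result from the client side, as an added example that is not part of the original article or the vendor's documentation: the Python below parses the SSH_MSG_KEXINIT payload a server sends (RFC 4253, section 7.1) and lists any offered ciphers or MACs that match a weak-algorithm marker. The marker lists, the function names and the sample payload are assumptions constructed for illustration; adjust the markers to local policy.

```python
import struct

# Assumption: markers for algorithms that scanners commonly flag as weak
# (CBC-mode ciphers, arcfour, 3DES, MD5-based and 96-bit truncated MACs).
WEAK_CIPHER_MARKERS = ("-cbc", "arcfour", "3des")
WEAK_MAC_MARKERS = ("md5", "-96")
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its name-lists, rejecting short input."""
    if len(payload) < 17 or payload[0] != 20:  # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip the message type byte and 16-byte cookie
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated length for " + field)
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list for " + field)
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists

def weak_algorithms(lists: dict) -> dict:
    """Return offered ciphers and MACs (either direction) matching a marker."""
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    return {
        "ciphers": sorted(c for c in ciphers if any(m in c for m in WEAK_CIPHER_MARKERS)),
        "macs": sorted(h for h in macs if any(m in h for m in WEAK_MAC_MARKERS)),
    }

def build_kexinit(ciphers, macs) -> bytes:
    """Build a constructed KEXINIT payload for offline testing (not a capture)."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    lists = (["curve25519-sha256"], ["ssh-ed25519"], ciphers, ciphers,
             macs, macs, ["none"], ["none"], [], [])
    # Trailing 5 zero bytes: first_kex_packet_follows flag and reserved uint32.
    return bytes([20]) + bytes(16) + b"".join(map(name_list, lists)) + bytes(5)

# Constructed sample: a server still offering CBC ciphers and weak MACs.
SAMPLE = build_kexinit(["aes256-ctr", "aes128-cbc", "3des-cbc"],
                       ["hmac-sha2-256", "hmac-sha1-96", "hmac-md5"])
```

Run the check before and after editing the cipher and HMAC lists; an empty result for both keys means none of the marked algorithms are still offered.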
Prior to SGOS version 22.214.171.124, the ProxySG appliance did not allow customers to change the SSH Console ciphers. The ciphers are hard-coded and cannot be changed in versions prior to SGOS 126.96.36.199.
Imported Document ID: 000029332