Securing SSH2 daemon on XOS - disable MD5 or 96-bit MAC algorithms

Our security team has reported that the XOS sshd is using either MD5 or 96-bit MAC algorithms, which are considered weak. Is there any way to configure the MAC algorithm which is used by the SSH daemon on XOS? Our devices are x670/440.

7 replies

Zsot, I have reached out to some of the GTAC engineers who should be able to help shed some light on your question.
Thanks, I'm looking forward to getting some useful info.
Any news?
Hey Zsot,

Current EXOS SSH implementation is based off SSH Secure Shell Toolkit version 4.1.2.

16.2 SSH code will move from the Toolkit to OpenSSH 6.5p1, which will address these algorithm vulnerabilities.

Currently the roadmap for the 16.2 release is looking like December. I see no plans to have this implemented in earlier software versions, unfortunately.
Zsot, let us know if this answers your question or if you have any follow-up questions.
Hi, sorry, I was out of the office for some days and just returned. Thank you very much for your answer, this is enough for me. We will upgrade to 16.2 when it is available.

It looks like the SSH Server upgrade may not make it into EXOS 16.2. It seems it is currently scoped for 16.3.

Also, I have created a GTACKnowledge article for future reference: Is there any way to configure the MAC algorithm which is used by the SSH daemon in EXOS?
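
The finding in the question (MD5-based or 96-bit MACs offered by the SSH server) comes from the MAC name-lists in the server's SSH_MSG_KEXINIT message, which is sent before encryption starts. The sketch below is an added example, not part of the original thread and not Extreme or GTAC code: it parses a KEXINIT payload as laid out in RFC 4253 section 7.1 and reports which offered MACs match the finding. The function names and the sample payload are assumptions made up for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in a KEXINIT payload (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its ten algorithm name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip message type (1 byte) + cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("name-list overruns payload: " + field)
        raw = payload[pos:pos + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += length
    return lists

def weak_reasons(mac: str) -> list:
    """Return why a MAC name matches the finding: MD5-based and/or 96-bit tag."""
    parts = mac.split("@")[0].split("-")  # drop any @vendor suffix
    return [why for token, why in (("md5", "MD5"), ("96", "96-bit")) if token in parts]

def weak_macs(payload: bytes) -> dict:
    """Map each weak MAC offered in either direction to its reasons."""
    lists = parse_kexinit(payload)
    offered = dict.fromkeys(lists["mac_c2s"] + lists["mac_s2c"])
    return {m: weak_reasons(m) for m in offered if weak_reasons(m)}

def build_sample() -> bytes:
    """Constructed KEXINIT payload for the demo; not captured from any device."""
    macs = "hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96,hmac-sha2-256"
    values = ["diffie-hellman-group14-sha1", "ssh-rsa", "aes128-ctr", "aes128-ctr",
              macs, macs, "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(v)) + v.encode("ascii") for v in values)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    for name, why in weak_macs(build_sample()).items():
        print(name, "->", ", ".join(why))
```

Running the same check against a device before and after a firmware upgrade shows whether the offered MAC list actually changed.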