topic SSH Server CBC Mode Ciphers Enabled in ExtremeSwitching (Other)

SSH Server CBC Mode Ciphers Enabled

Andy_Robb — Tue, 23 Aug 2016 14:32:00 GMT

How do I resolve the below audit finding on the C3 Switch?
SSH Server CBC Mode Ciphers Enabled
SSH Weak MAC Algorithms Enabled

RE: SSH Server CBC Mode Ciphers Enabled

AG1 — Tue, 23 Aug 2016 19:07:00 GMT

The C3-Series switches are heading to the end of support and there are no plans to modifying SSH on those solutions.

The OpenSSH Security Advisory provides the following information:

"For most SSH usage scenarios, this attack has a very low likelihood of being carried out successfully - each attempt has a low probability of success and each failure will cause connection termination with a fatal error. It is therefore very unlikely for an interactive session to be usefully attacked using this protocol weakness: an attacker would expect around 11356 connection-killing attempts before they are likely to succeed."

Additional information is available at http://www.openssh.com/txt/cbc.adv.

I hope it helps.

RE: SSH Server CBC Mode Ciphers Enabled

Eddie_Brown — Fri, 13 Oct 2017 19:00:00 GMT

How about for an S4 chassis switch? Any plans on fixing it there with this OS?
Or this open issue? xos0060993