cancel
Showing results for 
Search instead for 
Did you mean: 

Securing SSH2 daemon on XOS 15.6.1.4 - disable MD5 or 96-bit MAC algorithms

Securing SSH2 daemon on XOS 15.6.1.4 - disable MD5 or 96-bit MAC algorithms

Zsolt_Babindai
New Contributor
Hi,
our security team is reported that XOS sshd is using either MD5 or 96-bit MAC algorithms, which are considered weak. Is there any way to configure the MAC algorithm which is used by SSH daemon on XOS? Our devices are (x670/440).
7 REPLIES 7

Chad_Smith1
Extreme Employee
Zsolt,

It looks like the SSH Server upgrade may not make it into EXOS 16.2. It seems it is currently scoped for 16.3.

Also, I have created a GTACKnowledge article for future reference: Is there any way to configure the MAC algorithm which is used by the SSH daemon in EXOS?

Zsolt_Babindai
New Contributor
Hi, sorry I was out of office for some days and just returned. Thank you very much for your answer, this is enough for me. We will upgrade to 16.2 when it will be available.

Ken_Thomas
Contributor II
Zsot, let us know if this answers your question or if you have any follow up questions

Colatuno__Joe
Extreme Employee
Hey Zsot,

Current EXOS SSH implementation is based off SSH Secure Shell Toolkit? version 4.1.2.

16.2 SSH code will move from the Toolkit to OpenSSH 6.5p1 which will address these algorithm vulnerabilities

Currently roadmap for 16.2 release is looking like December. I see no plans to have this implemented in earlier software versions unfortunately.
GTM-P2G8KFN