This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Securing SSH2 daemon on XOS 15.6.1.4 - disable MD5 or 96-bit MAC algorithms

Securing SSH2 daemon on XOS 15.6.1.4 - disable MD5 or 96-bit MAC algorithms

Zsolt_Babindai
New Contributor

‎06-22-2015 07:24 AM

Hi,
our security team is reported that XOS sshd is using either MD5 or 96-bit MAC algorithms, which are considered weak. Is there any way to configure the MAC algorithm which is used by SSH daemon on XOS? Our devices are (x670/440).
0 Kudos
7 REPLIES 7

Chad_Smith1
Extreme Employee

‎07-06-2015 04:49 PM

Zsolt,

It looks like the SSH Server upgrade may not make it into EXOS 16.2. It seems it is currently scoped for 16.3.

Also, I have created a GTACKnowledge article for future reference: Is there any way to configure the MAC algorithm which is used by the SSH daemon in EXOS?
0 Kudos

Zsolt_Babindai
New Contributor

‎06-30-2015 09:54 AM

Hi, sorry I was out of office for some days and just returned. Thank you very much for your answer, this is enough for me. We will upgrade to 16.2 when it will be available.
0 Kudos

Ken_Thomas
Contributor II

‎06-26-2015 11:44 AM

Zsot, let us know if this answers your question or if you have any follow up questions
0 Kudos

Colatuno__Joe
Extreme Employee

‎06-24-2015 12:05 PM

Hey Zsot,

Current EXOS SSH implementation is based off SSH Secure Shell Toolkit? version 4.1.2.

16.2 SSH code will move from the Toolkit to OpenSSH 6.5p1 which will address these algorithm vulnerabilities

Currently roadmap for 16.2 release is looking like December. I see no plans to have this implemented in earlier software versions unfortunately.
0 Kudos
GTM-P2G8KFN