Extreme Networks

Zsolt_Babindai · ‎06-22-2015

Hi,
our security team is reported that XOS sshd is using either MD5 or 96-bit MAC algorithms, which are considered weak. Is there any way to configure the MAC algorithm which is used by SSH daemon on XOS? Our devices are (x670/440).

Chad_Smith1 · ‎07-06-2015

Zsolt,

It looks like the SSH Server upgrade may not make it into EXOS 16.2. It seems it is currently scoped for 16.3.

Also, I have created a GTACKnowledge article for future reference: Is there any way to configure the MAC algorithm which is used by the SSH daemon in EXOS?

Zsolt_Babindai · ‎06-30-2015

Hi, sorry I was out of office for some days and just returned. Thank you very much for your answer, this is enough for me. We will upgrade to 16.2 when it will be available.

Ken_Thomas · ‎06-26-2015

Zsot, let us know if this answers your question or if you have any follow up questions

Colatuno__Joe · ‎06-24-2015

Hey Zsot,

Current EXOS SSH implementation is based off SSH Secure Shell Toolkit? version 4.1.2.

16.2 SSH code will move from the Toolkit to OpenSSH 6.5p1 which will address these algorithm vulnerabilities

Currently roadmap for 16.2 release is looking like December. I see no plans to have this implemented in earlier software versions unfortunately.

Extreme Networks

Securing SSH2 daemon on XOS 15.6.1.4 - disable MD5 or 96-bit MAC algorithms

Securing SSH2 daemon on XOS 15.6.1.4 - disable MD5 or 96-bit MAC algorithms