https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/151635#M996 <P>Hi Kobil,</P><P>I didn't try this new command before installing any JHF.&nbsp;</P><P>Todd</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 23 Jun 2022 15:55:17 GMT todd 2022-06-23T15:55:17Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/150086#M932 <P>Hi Expert,</P><P>Our client is asking us to disable ssh cipher cbc. We tried to use new feature started from R81.10 to disable it.</P><P>SMS and gateway running R81.10 are all work fine with this new feature and very easy to configure it.</P><P>But MHO140( R81.10SP JHF30 ) doesn't work as expected.&nbsp; Without any modification, there is no cipher enabled in the list. So we don't know which cipher is enabled currently.</P><P>Any suggestions ?</P><P>&nbsp;</P><P>MHO-140-1&gt; show ssh server cipher supported<BR />--------------------------------<BR />supported cipher:<BR />--------------------------------<BR />3des-cbc<BR />aes128-cbc<BR />aes128-ctr<BR />aes128-gcm@openssh.com<BR />aes192-cbc<BR />aes192-ctr<BR />aes256-cbc<BR />aes256-ctr<BR />aes256-gcm@openssh.com<BR />chacha20-poly1305@openssh.com<BR />rijndael-cbc@lysator.liu.se<BR />--------------------------------</P><P><FONT color="#FF0000">MHO-140-1&gt; show ssh server cipher enabled</FONT></P><P><FONT color="#FF0000">--------------------------------</FONT></P><P><FONT color="#FF0000">enabled cipher:</FONT></P><P><FONT color="#FF0000">--------------------------------</FONT></P><P><FONT color="#FF0000">--------------------------------</FONT></P><P>Thanks!</P><P>&nbsp;</P> Fri, 03 Jun 2022 06:04:55 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/150086#M932 todd 2022-06-03T06:04:55Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/151389#M958 <P>We just noticed this as well.&nbsp; R81.10 Jumbo #55 (but maybe before as well) on upgraded Gateways we cannot set it or see what is supported or enabled.&nbsp; Yet it seems to work on our fresh installed Gateways.&nbsp; At least the few I have looked at so far.</P><P>The command is there but gives the error "invalid cipher" or "invalid mac"</P><P>&nbsp;</P> Tue, 21 Jun 2022 18:49:11 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/151389#M958 ptuttle_2 2022-06-21T18:49:11Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/151472#M977 <P>Hi todd, do you know if this issue was observed before installing JHF?</P> Wed, 22 Jun 2022 13:38:09 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/151472#M977 kobil 2022-06-22T13:38:09Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/151635#M996 <P>Hi Kobil,</P><P>I didn't try this new command before installing any JHF.&nbsp;</P><P>Todd</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 23 Jun 2022 15:55:17 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/151635#M996 todd 2022-06-23T15:55:17Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/160953#M1241 <P>working with JHF78, is there a command to remove the -cbc ciphers?&nbsp; delete ssh ... that's as far as it goes&nbsp;</P> <P><BR />mgmt1&gt; show ssh server cipher supported<BR />--------------------------------<BR />supported cipher:<BR />--------------------------------<BR />3des-cbc<BR />aes128-cbc<BR />aes128-ctr<BR />aes128-gcm@openssh.com<BR />aes192-cbc<BR />aes192-ctr<BR />aes256-cbc<BR />aes256-ctr<BR />aes256-gcm@openssh.com<BR />chacha20-poly1305@openssh.com<BR />rijndael-cbc@lysator.liu.se</P> Tue, 01 Nov 2022 20:02:04 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/MHO140-disabled-ssh-cipher/m-p/160953#M1241 Daniel_Kavan 2022-11-01T20:02:04Z