Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
todd
Contributor

MHO140 disabled ssh cipher

Hi Expert,

Our client is asking us to disable ssh cipher cbc. We tried to use new feature started from R81.10 to disable it.

SMS and gateway running R81.10 are all work fine with this new feature and very easy to configure it.

But MHO140( R81.10SP JHF30 ) doesn't work as expected.  Without any modification, there is no cipher enabled in the list. So we don't know which cipher is enabled currently.

Any suggestions ?

 

MHO-140-1> show ssh server cipher supported
--------------------------------
supported cipher:
--------------------------------
3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
rijndael-cbc@lysator.liu.se
--------------------------------

MHO-140-1> show ssh server cipher enabled

--------------------------------

enabled cipher:

--------------------------------

--------------------------------

Thanks!

 

0 Kudos
4 Replies
ptuttle_2
Contributor

We just noticed this as well.  R81.10 Jumbo #55 (but maybe before as well) on upgraded Gateways we cannot set it or see what is supported or enabled.  Yet it seems to work on our fresh installed Gateways.  At least the few I have looked at so far.

The command is there but gives the error "invalid cipher" or "invalid mac"

 

0 Kudos
kobil
Employee
Employee

Hi todd, do you know if this issue was observed before installing JHF?

0 Kudos
todd
Contributor

Hi Kobil,

I didn't try this new command before installing any JHF. 

Todd

 

 

0 Kudos
Daniel_Kavan
Advisor

working with JHF78, is there a command to remove the -cbc ciphers?  delete ssh ... that's as far as it goes 


mgmt1> show ssh server cipher supported
--------------------------------
supported cipher:
--------------------------------
3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
rijndael-cbc@lysator.liu.se

0 Kudos