MHO140 disabled ssh cipher

todd · ‎2022-06-02

Hi Expert,

Our client is asking us to disable ssh cipher cbc. We tried to use new feature started from R81.10 to disable it.

SMS and gateway running R81.10 are all work fine with this new feature and very easy to configure it.

But MHO140( R81.10SP JHF30 ) doesn't work as expected. Without any modification, there is no cipher enabled in the list. So we don't know which cipher is enabled currently.

Any suggestions ?

MHO-140-1> show ssh server cipher supported
--------------------------------
supported cipher:
--------------------------------
3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
rijndael-cbc@lysator.liu.se
--------------------------------

MHO-140-1> show ssh server cipher enabled

--------------------------------

enabled cipher:

--------------------------------

Thanks!

ptuttle_2 · ‎2022-06-21

We just noticed this as well. R81.10 Jumbo #55 (but maybe before as well) on upgraded Gateways we cannot set it or see what is supported or enabled. Yet it seems to work on our fresh installed Gateways. At least the few I have looked at so far.

The command is there but gives the error "invalid cipher" or "invalid mac"

kobil · ‎2022-06-22

Hi todd, do you know if this issue was observed before installing JHF?

todd · ‎2022-06-23

Hi Kobil,

I didn't try this new command before installing any JHF.

Todd

Daniel_Kavan · ‎2022-11-01

working with JHF78, is there a command to remove the -cbc ciphers? delete ssh ... that's as far as it goes

mgmt1> show ssh server cipher supported
--------------------------------
supported cipher:
--------------------------------
3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
rijndael-cbc@lysator.liu.se