By herry21 - 9/10/2021 2:06:01 AM
Hi,
Because the infosec team found Diffie-Hellman to be a vulnerability, we are required to disable it on the Fortress SSH server. How can we do it?
Regards,
|
By Technical Support Group (TSG) - 9/10/2021 9:40:37 AM
Hello,
You can configure the server algorithms using the Local FortressSSH Configuration program. Under the General Settings branch there is a page for each configurable option of the ssh protocol: Cipher; Compression; Host Key; Key Exchange; and MAC. On the Key Exchange branch you can uncheck any algorithm that you do not want allowed.
If you do not have the Key Exchange branch, you should update to the latest build at www.pragmasys.com/ssh-server/download.
|
By herry21 - 9/11/2021 11:04:26 AM
Hello,
Many thanks for this solution. We will upgrade the software to the latest version.
Best Regards, Heri
|
By herry21 - 9/12/2021 9:05:10 PM
Hi,
We already upgraded the software, then unchecked any algorithm we don't want.
But after logging in to the server using ssh and performing a query using "ssh -Q kex", the algorithm is still there, even after restarting the Fortress services.
How can we make sure that clients are not allowed to use the algorithm?
Thank you, Heri
|
By herry21 - 9/12/2021 9:06:12 PM
We need to disable diffie-hellman-group-sha1
|
By Technical Support Group (TSG) - 9/13/2021 7:43:23 AM
Heri,
The ssh -Q option queries the current ssh client, not the server. It also appears that you might be using the OpenSSH client, because our client does not support the -Q option.
The best way to view the server algorithms is to connect with a -v option on the client command and view the negotiation between the server and client.
|
|
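Added example, not part of the original thread or the vendor's documentation: a way to confirm what the server offers from the client's debug output, as the last reply suggests. It assumes the OpenSSH client, whose `-vv` output lists the server's proposal after a `peer server KEXINIT proposal` line; the sample log and the `server.example` host are constructed.

```sh
#!/bin/sh
# Added example: list the key exchange algorithms the SERVER offers, taken from
# OpenSSH client debug output (ssh -vv), and flag any that should be disabled.

# Print the server's KEX algorithms, one per line, from `ssh -vv` output on stdin.
# Assumes the OpenSSH debug2 layout: a "peer server KEXINIT proposal" line
# followed by a "KEX algorithms:" line. The client's own list is skipped.
server_kex() {
  awk '
    /debug2: peer server KEXINIT proposal/  { in_server = 1; next }
    /debug2: local client KEXINIT proposal/ { in_server = 0; next }
    in_server && /debug2: KEX algorithms: / {
      sub(/^.*KEX algorithms: /, "")
      sub(/\r$/, "")
      n = split($0, algs, ",")
      for (i = 1; i <= n; i++) print algs[i]
      in_server = 0
    }'
}

# Print server-offered algorithms matching the extended regex in $1.
# Returns 0 only when the server offers none of them.
check_disabled() {
  hits=$(server_kex | grep -E -- "$1" || true)
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# Constructed sample of `ssh -vv` output (not captured from a real server).
sample_log() {
  cat <<'EOF'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1
debug2: host key algorithms: rsa-sha2-512
debug1: kex: algorithm: ecdh-sha2-nistp256
EOF
}

# Live use (host is a placeholder):
#   ssh -vv -o BatchMode=yes user@server.example exit 2>&1 | check_disabled 'sha1$'
sample_log | check_disabled 'sha1$' || echo "server still offers the algorithms listed above"
```

In the sample, the client's own list contains `diffie-hellman-group14-sha1` and `curve25519-sha256`, but neither is reported because only the server's proposal is read, which is the distinction `ssh -Q kex` misses.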