Hi,

Due to infosec team found that Diffie Helman as a Vulnerability, we are required to disable it on fortress ssh server. How can we do it?

Regards,

+x

 

herry21 - 9/10/2021 8:06:01 AM

Hi,

Due to infosec team found that Diffie Helman as a Vulnerability, we are required to disable it on fortress ssh server. How can we do it?

Regards,

Hello,

You can configure the server algorithms using the Local FortressSSH Configuration program. Under the General Settings branch there is a page for each configurable option of the ssh protocol: Cipher; Compression; Host Key; Key Exchange; and MAC. On the Key Exchange branch you can uncheck any algorithm that you do not want allowed.

If you do not have the Key Exchange branch, you should update to the latest build at www.pragmasys.com/ssh-server/download.

Pragma Systems Technical Support
13809 Research Blvd, #675
Austin, TX 78750
http://www.pragmasys.com

+x

 

Technical Support Group (TSG) - 9/10/2021 3:40:37 PM

+x

 

herry21 - 9/10/2021 8:06:01 AM

Hi,

Due to infosec team found that Diffie Helman as a Vulnerability, we are required to disable it on fortress ssh server. How can we do it?

Regards,

Hello,

You can configure the server algorithms using the Local FortressSSH Configuration program. Under the General Settings branch there is a page for each configurable option of the ssh protocol: Cipher; Compression; Host Key; Key Exchange; and MAC. On the Key Exchange branch you can uncheck any algorithm that you do not want allowed.

If you do not have the Key Exchange branch, you should update to the latest build at www.pragmasys.com/ssh-server/download.

Hello,

Many thanks for this solution. We will upgrade the software to the latest version.

Best Regards,
Heri

+x

 

Technical Support Group (TSG) - 9/10/2021 3:40:37 PM

+x

 

herry21 - 9/10/2021 8:06:01 AM

Hi,

Due to infosec team found that Diffie Helman as a Vulnerability, we are required to disable it on fortress ssh server. How can we do it?

Regards,

Hello,

You can configure the server algorithms using the Local FortressSSH Configuration program. Under the General Settings branch there is a page for each configurable option of the ssh protocol: Cipher; Compression; Host Key; Key Exchange; and MAC. On the Key Exchange branch you can uncheck any algorithm that you do not want allowed.

If you do not have the Key Exchange branch, you should update to the latest build at www.pragmasys.com/ssh-server/download.

Hi,

We already upgrade the software, then uncheck any algorithm we don't want.


But after login to the server using ssh, and perform query using "ssh -Q kex", the algorithm still there, even after restarting the fortress services.


How to make sure that clients are not allowed to use the algorithm?

Thank you,
Heri

+x

 

herry21 - 9/13/2021 3:05:10 AM

+x

 

Technical Support Group (TSG) - 9/10/2021 3:40:37 PM

+x

 

herry21 - 9/10/2021 8:06:01 AM

Hi,

Due to infosec team found that Diffie Helman as a Vulnerability, we are required to disable it on fortress ssh server. How can we do it?

Regards,

Hello,

You can configure the server algorithms using the Local FortressSSH Configuration program. Under the General Settings branch there is a page for each configurable option of the ssh protocol: Cipher; Compression; Host Key; Key Exchange; and MAC. On the Key Exchange branch you can uncheck any algorithm that you do not want allowed.

If you do not have the Key Exchange branch, you should update to the latest build at www.pragmasys.com/ssh-server/download.

Hi,

We already upgrade the software, then uncheck any algorithm we don't want.


But after login to the server using ssh, and perform query using "ssh -Q kex", the algorithm still there, even after restarting the fortress services.


How to make sure that clients are not allowed to use the algorithm?

Thank you,
Heri

We need to disable diffie-hellman-group-sha1

+x

 

herry21 - 9/13/2021 3:06:12 AM

+x

 

herry21 - 9/13/2021 3:05:10 AM

+x

 

Technical Support Group (TSG) - 9/10/2021 3:40:37 PM

+x

 

herry21 - 9/10/2021 8:06:01 AM

Hi,

Due to infosec team found that Diffie Helman as a Vulnerability, we are required to disable it on fortress ssh server. How can we do it?

Regards,

Hello,

You can configure the server algorithms using the Local FortressSSH Configuration program. Under the General Settings branch there is a page for each configurable option of the ssh protocol: Cipher; Compression; Host Key; Key Exchange; and MAC. On the Key Exchange branch you can uncheck any algorithm that you do not want allowed.

If you do not have the Key Exchange branch, you should update to the latest build at www.pragmasys.com/ssh-server/download.

Hi,

We already upgrade the software, then uncheck any algorithm we don't want.


But after login to the server using ssh, and perform query using "ssh -Q kex", the algorithm still there, even after restarting the fortress services.


How to make sure that clients are not allowed to use the algorithm?

Thank you,
Heri

We need to disable diffie-hellman-group-sha1

Heri,

The ssh -Q option queries the current ssh client, not the server. It also appears that you might be using the openssh client, because our client does not support the -Q option. 

The best way to view the server algorithms is to connect with a -v option on the client command and view the negotiation between the server and client.


Pragma Systems Technical Support
13809 Research Blvd, #675
Austin, TX 78750
http://www.pragmasys.com