no matter what i do it still pops up this is what i have configued am i missing something?
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services ssh max-sessions-per-connection 32
set system services ssh ciphers aes256-ctr
set system services ssh macs hmac-sha2-256
set system services ssh macs hmac-sha2-512
set system services ssh key-exchange curve25519-sha256
set system services ssh key-exchange ecdh-sha2-nistp256
set system services ssh key-exchange ecdh-sha2-nistp384
set system services ssh key-exchange ecdh-sha2-nistp521
set system services ssh key-exchange group-exchange-sha2
Does the report only say "weak ciphers being used" or provide more information about what the weak ciphers are?
In a quick search I found the following ones that you have already configured:
You can take a packet capture on your SRX interface when connecting via SSH and confirm if the SRX is indeed stating that it supports the reported weak cipher. (you could upload the pcap and we will help you)
SRX Branch: https://kb.juniper.net/InfoCenter/index?page=content&id=kb11709
SRX High end: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21563&actp=METADATA
Hello thank you for the reply
Nessus thinks arcfour (all of them 128,256 also) is still able to be used
Hi, try the packet capture on the SRX to confirm is the SRX is replying to the SSH queries stating that it indeed supports arcfour.
Maybe the SRX is not reporting support for arcfour but the Scan still tries to connect using arcfour?
appently some of the config didn't take and now it seems to be working, just have to rescan now
Im glad the packet capture worked. Let us know if the scan results are fine now.
ook a capture off our tapsthe encryption alg say is supports like every thing? the other stuff is only what i have set?
the packet from the SRX clearly shows arcfour in the "encyption algarythm server to client and client to server"