Switching

 View Only
last person joined: 11 hours ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  How to fix SSH vulnerability. in Juniper switch

    Posted 09-12-2023 12:53

    how to fix SSH vulnerability. which Ciphers need to disable or enable 



    ------------------------------
    Syed Yasir
    ------------------------------


  • 2.  RE: How to fix SSH vulnerability. in Juniper switch

    Posted 09-12-2023 15:54

    Hi Syed, 

    Can you please provide more information on the SSH vulnerability issue your having so I can try to help and advise?

    KR, 

    Ethan



    ------------------------------
    Ethan Jackson
    ------------------------------



  • 3.  RE: How to fix SSH vulnerability. in Juniper switch

    Posted 09-13-2023 06:49

    Thanks  ETH4N3T actually we run a scan  after the in few juniper switches EX3400 found SSH vulnerability I try to fix it to modify SSH chippers option to disable  but its already showing this  and available option is so I little bit confuse how to fix it,

    warning: element 'aes128-cbc' not found

    aes128-cbc           128-bit AES with Cipher Block Chaining
      aes128-ctr           128-bit AES with Counter Mode
      aes128-gcm@openssh.com  128-bit AES with Galois/Counter Mode
      aes192-cbc           192-bit AES with Cipher Block Chaining
      aes192-ctr           192-bit AES with Counter Mode
      aes256-cbc           256-bit AES with Cipher Block Chaining
      aes256-ctr           256-bit AES with Counter Mode
      aes256-gcm@openssh.com  256-bit AES with Galois/Counter Mode
      arcfour              128-bit RC4 with Cipher Block Chaining 
      arcfour128           128-bit RC4 with Cipher Block Chaining 
      arcfour256           256-bit RC4 with Cipher Block Chaining 
      blowfish-cbc         128-bit Blowfish with Cipher Block Chaining 
      cast128-cbc          128-bit CAST with Cipher Block Chaining 
      chacha20-poly1305@openssh.com  ChaCha20 stream cipher and Poly1305 MAC
    {master:1}[edit]



    ------------------------------
    Syed Yasir
    ------------------------------



  • 4.  RE: How to fix SSH vulnerability. in Juniper switch

    Posted 09-14-2023 19:31

    You can tailor your SSH cipher suite like this:

    set system services ssh ciphers aes256-ctr
    set system services ssh macs hmac-sha2-256
    set system services ssh macs hmac-sha2-512
    set system services ssh hostkey-algorithm ssh-ed25519

    You can add multiple on each type if you have more than one algorithm that you approve of.




  • 5.  RE: How to fix SSH vulnerability. in Juniper switch

    Posted 09-15-2023 01:41
    Thanks a lot, I just execute this all and let you know after scan ,