Switching


Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  How to fix SSH vulnerability. in Juniper switch

    Posted 09-12-2023 12:53

    How to fix the SSH vulnerability? Which ciphers need to be disabled or enabled?



    ------------------------------
    Syed Yasir
    ------------------------------


  • 2.  RE: How to fix SSH vulnerability. in Juniper switch

    Posted 09-12-2023 15:54

    Hi Syed, 

    Can you please provide more information on the SSH vulnerability issue you're having so I can try to help and advise?

    KR, 

    Ethan



    ------------------------------
    Ethan Jackson
    ------------------------------



  • 3.  RE: How to fix SSH vulnerability. in Juniper switch

    Posted 09-13-2023 06:49

    Thanks ETH4N3T. Actually, we ran a scan, after which an SSH vulnerability was found on a few Juniper EX3400 switches. I tried to fix it by modifying the SSH ciphers option to disable them, but it is already showing this, and these are the available options, so I am a little bit confused about how to fix it:

    warning: element 'aes128-cbc' not found

    aes128-cbc           128-bit AES with Cipher Block Chaining
      aes128-ctr           128-bit AES with Counter Mode
      aes128-gcm@openssh.com  128-bit AES with Galois/Counter Mode
      aes192-cbc           192-bit AES with Cipher Block Chaining
      aes192-ctr           192-bit AES with Counter Mode
      aes256-cbc           256-bit AES with Cipher Block Chaining
      aes256-ctr           256-bit AES with Counter Mode
      aes256-gcm@openssh.com  256-bit AES with Galois/Counter Mode
      arcfour              128-bit RC4 with Cipher Block Chaining 
      arcfour128           128-bit RC4 with Cipher Block Chaining 
      arcfour256           256-bit RC4 with Cipher Block Chaining 
      blowfish-cbc         128-bit Blowfish with Cipher Block Chaining 
      cast128-cbc          128-bit CAST with Cipher Block Chaining 
      chacha20-poly1305@openssh.com  ChaCha20 stream cipher and Poly1305 MAC
    {master:1}[edit]



    ------------------------------
    Syed Yasir
    ------------------------------



  • 4.  RE: How to fix SSH vulnerability. in Juniper switch

    Posted 09-14-2023 19:31

    You can tailor your SSH cipher suite like this:

    set system services ssh ciphers aes256-ctr
    set system services ssh macs hmac-sha2-256
    set system services ssh macs hmac-sha2-512
    set system services ssh hostkey-algorithm ssh-ed25519

    You can add multiple on each type if you have more than one algorithm that you approve of.
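
A way to check what the scanner sees before and after such a change, as an added example that is not part of the original thread: it parses the algorithm lists in an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and reports the weak ciphers on offer. The flagging policy (CBC and arcfour), the helper names and the sample payloads are assumptions constructed for illustration.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def is_weak_cipher(name):
    # Assumed audit policy: flag CBC-mode and RC4 ("arcfour") ciphers.
    return name.endswith("-cbc") or name.startswith("arcfour")

def parse_kexinit(payload):
    """Return {field: [algorithm, ...]} from an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, offer = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + size].decode("ascii")
        offer[field] = raw.split(",") if raw else []
        pos += size
    return offer

def weak_ciphers(payload):
    # Sorted weak ciphers offered in either direction.
    offer = parse_kexinit(payload)
    return sorted({c for f in ("enc_c2s", "enc_s2c")
                   for c in offer[f] if is_weak_cipher(c)})

def build_kexinit(lists):
    """Encode constructed sample data as a KEXINIT payload."""
    body = bytes([20]) + bytes(16)
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)

# Constructed samples, not captured from a real switch.
_OLD = ["aes128-ctr", "aes256-ctr", "aes128-cbc", "aes256-cbc", "arcfour"]
_MACS = ["hmac-sha2-256", "hmac-sha2-512"]
_BASE = {"kex": ["curve25519-sha256"], "hostkey": ["ssh-ed25519"],
         "mac_c2s": _MACS, "mac_s2c": _MACS}
BEFORE = build_kexinit({**_BASE, "enc_c2s": _OLD, "enc_s2c": _OLD})
AFTER = build_kexinit({**_BASE, "enc_c2s": ["aes256-ctr"], "enc_s2c": ["aes256-ctr"]})
if __name__ == "__main__":
    print("before:", weak_ciphers(BEFORE), "after:", weak_ciphers(AFTER))
```

On a real device the payload is the server's first binary packet after the version banner, with the packet length and padding framing removed.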




  • 5.  RE: How to fix SSH vulnerability. in Juniper switch

    Posted 09-15-2023 01:41
    Thanks a lot, I'll just execute all of this and let you know after the scan.