07-03-2018 09:12 AM
We have found the following vulnerability in our SAN switch. Reviewing the documentation to close this vulnerability:
SSH Weak Algorithms Supported --> Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
The following weak server-to-client encryption algorithms are supported : arcfour arcfour128 arcfour256
The following weak client-to-server encryption algorithms are supported : arcfour arcfour128 arcfour256
Port: ssh (22/tcp)
I am still validating some information about it. I have found that a way to deal with this vulnerability is by changing the encryption algorithms from "arcfour, arcfour128, arcfour256" to "aes128-ctr,aes192-ctr,aes256-ctr". However, I still have to confirm this is the best solution for you. As soon as I have validated this information I will let you know.
Any recommendations that I should review?
Do any of you know the procedure for this solution in case it is correct?
07-04-2018 03:24 AM
Starting with FOS 7.4 you should be able to change the algorithms with the secCryptoCfg CLI. Use the Command Reference Manual for further details.