Do lssrc -s ssh or lssrc -s sshd
Then if not active
Startsrc -s ssh or startsrc -s sshd
Original Message:
Sent: 3/16/2023 11:03:00 PM
From: Ary Syarifudin
Subject: RE: vulnerability SSH with Weak Encryption Algorithm in AIX 7.1
it was already uncommented, should i edit those lines ?
i had done test to update with the latest OpenSSL and OpenSSH and the result server unable to remote via SSH.
it's recommended that i should update TL5 SP10 for AIX 7.1 first
------------------------------
Ary Syarifudin
------------------------------
Original Message:
Sent: Thu March 16, 2023 09:29 AM
From: minesh patel
Subject: vulnerability SSH with Weak Encryption Algorithm in AIX 7.1
Yes,
You have to edit them. Or
OpenSSL
VRMF: 1.1.1.1200 (1.1.1l with all ciphers support)
openssl-1.1.1.1200.tar.Z (41335049)
VRMF: 1.1.2.1200 (1.1.1l with no-weak ciphers support)
openssl-1.1.2.1200.tar.Z (41228053)
OpenSSH
VRMF: 8.1.102.2105
OpenSSH_8.1.102.2105.tar.Z (12605103)
https://www.ibm.com/support/pages/downloading-and-installing-or-upgrading-openssl-and-openssh
Original Message:
Sent: 3/15/2023 4:04:00 AM
From: Ary Syarifudin
Subject: RE: vulnerability SSH with Weak Encryption Algorithm in AIX 7.1
i found it on /etc/ssh/ssh_config , are those lines above that you mentioned before?
------------------------------
Ary Syarifudin
Original Message:
Sent: Mon March 13, 2023 05:56 PM
From: minesh patel
Subject: vulnerability SSH with Weak Encryption Algorithm in AIX 7.1
You need to edit /etc/ssh/sshd_config fille.
# Disable CBC mode ciphers and weak MAC algorithms (MD5 and -96)
Ciphers
Stop and restart ssh.
Original Message:
Sent: 3/10/2023 5:38:00 AM
From: Ary Syarifudin
Subject: RE: vulnerability SSH with Weak Encryption Algorithm in AIX 7.1
.
------------------------------
Ary Syarifudin
Original Message:
Sent: Thu March 09, 2023 05:22 AM
From: Ary Syarifudin
Subject: vulnerability SSH with Weak Encryption Algorithm in AIX 7.1
Hi Hello,
kindly need your advice, it is about vulnerability "SSH with Weak Encryption Algorithm" in my AIX 7.1, our pentester recommended that deactivate CBC mode cipher, 3DES encryption, and RC4 mode cipher. And activate CTR or GCM mode cipher encryption.
i don't have idea how to do.
Thank You
------------------------------
~Ary Syarifudin
------------------------------