  • 1.  Flash system 9100: SSH server is configured to support Cipher Block Chaining (CBC) encryption Port: TCP/22

    Posted Wed March 27, 2024 05:18 PM

    Hello,

    Is it possible to remediate the following vulnerability in FlashSystem 9100?
    SSH server is configured to support Cipher Block Chaining (CBC) encryption Port: TCP/22 Risk: 5 MEDIUM

    Let me know,



    ------------------------------
    Regards,

    Jorge L
    ------------------------------



  • 2.  RE: Flash system 9100: SSH server is configured to support Cipher Block Chaining (CBC) encryption Port: TCP/22

    Posted Mon April 08, 2024 07:03 AM
    Edited by Mark Mather Mon April 08, 2024 07:03 AM

    Hi Jorge, not sure what you want to achieve exactly, but I read this in regard to a Linux server; perhaps it will give you an idea?

    SSH Server CBC Mode Ciphers Enabled - turingsecure

    Disable SSH Server Weak and CBC Mode Ciphers in Linux - DbAppWeb.com



    ------------------------------
    Mark Mather
    ------------------------------



  • 3.  RE: Flash system 9100: SSH server is configured to support Cipher Block Chaining (CBC) encryption Port: TCP/22

    Posted Wed April 10, 2024 11:07 AM

    You can use the lssecurity command to check the SSL/SSH security level.

    Also use the chsecurity command to change the SSL/SSH security level.

    https://www.ibm.com/docs/en/flashsystem-9x00/8.6.x?topic=r-security-levels-supported-security-ciphers

    will give info on which SSL/SSH levels you can use.



    ------------------------------
    Zhili Qiao
    ------------------------------



  • 4.  RE: Flash system 9100: SSH server is configured to support Cipher Block Chaining (CBC) encryption Port: TCP/22

    Posted Wed April 10, 2024 11:07 AM

    Hi Jorge,

    Depending on your FlashSystem firmware level, 8.5 or 8.6, you have different SSL and SSH levels to set up on the FS9100. You can use the lssecurity command to check your current SSH/SSL security level.

    With fw 8.6, you can set up SSL level 7 and SSH level 4 as the highest.

    Here is the reference link: https://www.ibm.com/docs/en/flashsystem-9x00/8.6.x?topic=r-security-levels-supported-security-ciphers

    CBC ciphers are supported in SSL 1/2/3 and SSH1; if you change your security level on the FS9100, you will remediate the vulnerability.

    Hope it helps.

    George Qiao



    ------------------------------
    Zhili Qiao
    ------------------------------
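
Added example, not part of any post above and not IBM code: the scanner finding comes from the cipher names the SSH server advertises in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1), so the same check can confirm the result after the security level is changed. The two payloads below are constructed sample data, not the FlashSystem's actual cipher lists, and `build_kexinit` is a hypothetical helper used only to create them.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of a KEXINIT payload, in RFC 4253 order.
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def build_kexinit(name_lists):
    """Hypothetical helper: build a constructed KEXINIT payload for the samples."""
    out = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16          # type byte + cookie
    for field in FIELDS:
        names = ",".join(name_lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names        # uint32 length + list
    return out + b"\x00" + struct.pack(">I", 0)             # follows flag + reserved

def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload as a dict of lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[pos:pos + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += length
    return lists

def cbc_ciphers(payload):
    """Sorted CBC-mode cipher names offered in either direction."""
    lists = parse_kexinit(payload)
    offered = lists["enc_c2s"] + lists["enc_s2c"]
    return sorted({name for name in offered if "-cbc" in name})

# Constructed samples: a server that still offers CBC, and one that does not.
CTR = ["aes128-ctr", "aes256-ctr"]
BEFORE = build_kexinit({"enc_c2s": CTR + ["aes128-cbc", "3des-cbc"],
                        "enc_s2c": CTR + ["aes128-cbc"]})
AFTER = build_kexinit({"enc_c2s": CTR, "enc_s2c": CTR})

if __name__ == "__main__":
    print("before:", cbc_ciphers(BEFORE))
    print("after: ", cbc_ciphers(AFTER))
```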