Alexander,
I find the idea of wildcarding ciphers to disable interesting. Where
did you get this list?
Thanks.
On Wed, Jun 19, 2024 at 11:57:54AM +0000, Alexander Pettitt via IBM TechXchange Community wrote:
> Add
>
>
> MACs -"*sha1*"
> KexAlgorithms -"*sha1*"
> HostKeyAlgorithms -ssh-rsa
> Ciphers
-chacha20-poly1305@openssh.com>
>
> to /etc/ssh/sshd_config
>
>
> validate you have not made any mistakes with
>
>
> sshd -t
>
>
> restart sshd
>
>
> lssrc -s sshd ; stopsrc -s sshd ; start -s sshd
>
>
> ------------------------------
> Alexander Pettitt
> ------------------------------
> -------------------------------------------
> Original Message:
> Sent: Wed June 19, 2024 02:38 AM
> From: Elangovan Subramaniyan
> Subject: SHA1 deprecated Vulnerability issue in AIX 7.3
>
>
> How to mitigate below Vulnerability issue on AIX 7.3
>
>
>
> 1 ) SHA1 deprecated setting for SSH
> 2) Deprecated SSH Cryptographic Settings
>
>
> ------------------------------
> Elangovan Subramaniyan
> ------------------------------
>
>
> Reply to Sender :
https://community.ibm.com/community/user/eGroups/PostReply?GroupId=6799&MID=411882&SenderKey=d3e69c58-e33a-47f1-8774-01890e117038>
> Reply to Discussion :
https://community.ibm.com/community/user/eGroups/PostReply?GroupId=6799&MID=411882>
>
>
> You are subscribed to "Power Global" as
Russell.Adams@AdamsSystems.nl. To change your subscriptions, go to
http://community.ibm.com/community/user/preferences?section=Subscriptions. To unsubscribe from this community discussion, go to
http://community.ibm.com/HigherLogic/eGroups/Unsubscribe.aspx?UserKey=c23dfccc-9910-40ae-beeb-fdcbced5bf1f&sKey=KeyRemoved&GroupKey=e848454b-3e30-41a6-a89e-b7d4e9cabffc.------------------------------------------------------------------
Russell Adams
Russell.Adams@AdamsSystems.nlPrincipal Consultant Adams Systems Consultancy
https://adamssystems.nl/
Original Message:
Sent: 6/19/2024 7:58:00 AM
From: Alexander Pettitt
Subject: RE: SHA1 deprecated Vulnerability issue in AIX 7.3
Add
MACs -"*sha1*"
KexAlgorithms -"*sha1*"
HostKeyAlgorithms -ssh-rsa
Ciphers -chacha20-poly1305@openssh.com
to /etc/ssh/sshd_config
validate you have not made any mistakes with
sshd -t
restart sshd
lssrc -s sshd ; stopsrc -s sshd ; start -s sshd
------------------------------
Alexander Pettitt
------------------------------
Original Message:
Sent: Wed June 19, 2024 02:38 AM
From: Elangovan Subramaniyan
Subject: SHA1 deprecated Vulnerability issue in AIX 7.3
How to mitigate below Vulnerability issue on AIX 7.3
1 ) SHA1 deprecated setting for SSH
2) Deprecated SSH Cryptographic Settings
------------------------------
Elangovan Subramaniyan
------------------------------