How to change SSH ciphers or MAC algorithms on Brocade FOS
Applies to
- Brocade FOS v7.4.0 and above
Description
Security scanner application may report Fabric OS (FOS) vulnerability - 'Deprecated SSH Cryptographic Settings' or 'SSH Weak MAC Algorithms Enabled' along with following messages:
- The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.
- The remote SSH Server Supports Weak Key Exchange Algorithms.
- The remote SSH Server Supports diffie-hellman-group1-sha1.
- The remote SSH server is configured to use the Arcfour stream cipher or no cipher at all.
- The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.
- The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.
- Audit flagged hmac-sha1