AIQUM shows false SSH is using insecure ciphers with REST based acquisition via Cloud Agent
Applies to
- ActiveIQ Unified Maager (AIQUM) 9.14+
- ONTAP 9.14.x and above
- Cloud Agent based acquisition
Issue
- AIQUM shows false SSH is using insecure ciphers with REST based acquisition
- Event details:
Event: SSH is using insecure ciphers
SSH is using insecure ciphers.
Suggested Actions to Fix The Issue
Ciphers with the suffix CBC are considered insecure.
To remove the CBC ciphers, run the ONTAP command
security ssh remove -vserver <admin vserver name> -ciphers aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
- The alert comes back even after removing the indicated *cbc ciphers
security ssh show -vserver cjib* -ciphers *cbc
There are no entries matching your query.
- ZAPI based acquisition doesnt show this behavior