Community Feedback

Hi,

My organization security scanning detected "The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms" on Aruba 7010 with AOS ver8.4.

The Aruba 7010 controller are managed by Mobility Master, under SSH setting (folder level),  the HMAC-SHA1 is greyed out, is this algorithm mandatory to be enabled? What if I want to disable it to mitigate the vulnerability?

Will disable HMAC-SHA1 cause issue on communication between the controller and MM?




------------------------------
hinze a
------------------------------

Hi,

Do you have try using CLI ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Jan 21, 2021 10:04 PM
From: hinze a
Subject: Disable SSH HMAC-SHA1 Greyed Out

Hi,

My organization security scanning detected "The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms" on Aruba 7010 with AOS ver8.4.

The Aruba 7010 controller are managed by Mobility Master, under SSH setting (folder level),  the HMAC-SHA1 is greyed out, is this algorithm mandatory to be enabled? What if I want to disable it to mitigate the vulnerability?

Will disable HMAC-SHA1 cause issue on communication between the controller and MM?




------------------------------
hinze a
------------------------------