Wired Intelligent Edge


Aruba Switch SSH How To Remove Deprecated Macs

  • 1.  Aruba Switch SSH How To Remove Deprecated Macs

    Posted Jul 27, 2022 09:44 AM
    Hi Team,

    Can anyone help me with this? I have an Aruba 8320 switch running version TL.10.06.0110. I need to remove "hmac-sha1-96" from the SSH server.
    Can anyone please guide me through the steps to get this done?


    Thanks
    Sanjib Behera


    ------------------------------
    Sanjib Behera
    Highradius
    ------------------------------


  • 2.  RE: Aruba Switch SSH How To Remove Deprecated Macs

    EMPLOYEE
    Posted Jul 28, 2022 04:00 AM
    Hello Sanjib,

    You may use the following commands to set up the SSH security (links with commands explained):

    ssh ciphers
    ssh host-key-algorithms
    ssh key-exchange-algorithms
    ssh public-key-algorithms


    You can check the commands also on the link below:
    https://www.arubanetworks.com/techdocs/AOS-CX/10.06/HTML/5200-7724/index.html#GUID-4E91622C-FF5B-4318-9F4E-7F903F90A73F.html


    Hope this helps!

    ------------------------------
    -Alex-
    ------------------------------



  • 3.  RE: Aruba Switch SSH How To Remove Deprecated Macs

    Posted Jul 28, 2022 04:22 AM
    Hi, after using this command I am not getting the hmac-sha1-96 removed from my SSH MAC list.
    It is still present.



    ------------------------------
    Sanjib Behera
    Highradius
    ------------------------------



  • 4.  RE: Aruba Switch SSH How To Remove Deprecated Macs

    EMPLOYEE
    Posted Jul 28, 2022 05:04 AM
    Hello Sanjib,

    Just tested on switch in my lab with 8320 on 10.08.1060 and can confirm it is working.

    8320(config)# show ssh ser

    SSH server configuration on VRF default :

    IP Version : IPv4 and IPv6 SSH Version : 2.0
    TCP Port : 22 Grace Timeout (sec) : 60
    Max Auth Attempts : 6

    Ciphers:
    chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr,
    aes128-gcm@openssh.com, aes256-gcm@openssh.com

    Host Key Algorithms:
    ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
    ssh-ed25519, rsa-sha2-256, rsa-sha2-512, ssh-rsa

    Key Exchange Algorithms:
    curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256,
    ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256,
    diffie-hellman-group16-sha512, diffie-hellman-group18-sha512,
    diffie-hellman-group14-sha256, diffie-hellman-group14-sha1

    MACs:
    hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com,
    hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1

    Public Key Algorithms:
    rsa-sha2-256, rsa-sha2-512, ssh-rsa, ecdsa-sha2-nistp256,
    ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519,
    x509v3-rsa2048-sha256, x509v3-ssh-rsa, x509v3-sign-rsa,
    x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384,
    x509v3-ecdsa-sha2-nistp521

    8320(config)# ssh mac
    hmac-sha1
    hmac-sha1-96
    hmac-sha1-etm@openssh.com
    hmac-sha2-256
    hmac-sha2-256-etm@openssh.com
    hmac-sha2-512
    hmac-sha2-512-etm@openssh.com
    <cr>
    8320(config)# ssh mac hmac-sha2-256
    8320(config)# show ssh ser

    SSH server configuration on VRF default :

    IP Version : IPv4 and IPv6 SSH Version : 2.0
    TCP Port : 22 Grace Timeout (sec) : 60
    Max Auth Attempts : 6

    Ciphers:
    chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr,
    aes128-gcm@openssh.com, aes256-gcm@openssh.com

    Host Key Algorithms:
    ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
    ssh-ed25519, rsa-sha2-256, rsa-sha2-512, ssh-rsa

    Key Exchange Algorithms:
    curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256,
    ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256,
    diffie-hellman-group16-sha512, diffie-hellman-group18-sha512,
    diffie-hellman-group14-sha256, diffie-hellman-group14-sha1

    MACs:
    hmac-sha2-256

    Public Key Algorithms:
    rsa-sha2-256, rsa-sha2-512, ssh-rsa, ecdsa-sha2-nistp256,
    ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519,
    x509v3-rsa2048-sha256, x509v3-ssh-rsa, x509v3-sign-rsa,
    x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384,
    x509v3-ecdsa-sha2-nistp521

    8320(config)#


    Hope this helps!

    ------------------------------
    -Alex-
    ------------------------------
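
One way to check the result of the `ssh mac hmac-sha2-256` change shown in the post above against saved `show ssh server` output (an added example, not part of the thread and not Aruba code). The section names are taken from the output above; the sample text is constructed from it, and treating every `hmac-sha1*` MAC as disallowed is an assumed policy.

```python
# Section headings as they appear in the "show ssh server" output in the thread.
SECTIONS = {"Ciphers", "Host Key Algorithms", "Key Exchange Algorithms",
            "MACs", "Public Key Algorithms"}

# Constructed sample: an excerpt of the first output in the post (before the change).
BEFORE = """\
SSH server configuration on VRF default :

Ciphers:
chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr,
aes128-gcm@openssh.com, aes256-gcm@openssh.com

MACs:
hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com,
hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1

8320(config)#
"""

# Constructed sample: the MACs section after "ssh mac hmac-sha2-256".
AFTER = "MACs:\nhmac-sha2-256\n\n8320(config)#\n"


def parse_show_ssh_server(text):
    """Return {section: [algorithm, ...]}; lists may wrap over several lines."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None                      # a blank line closes a list
        elif line.endswith(":") and line[:-1].strip() in SECTIONS:
            current = line[:-1].strip()
            result[current] = []
        elif current:
            result[current] += [a.strip() for a in line.split(",") if a.strip()]
    return result


def disallowed_macs(text, is_disallowed=lambda m: m.startswith("hmac-sha1")):
    """List the enabled MACs that the (assumed) policy rejects."""
    macs = parse_show_ssh_server(text).get("MACs")
    if macs is None:
        raise ValueError("no MACs section found; wrong command output?")
    return [m for m in macs if is_disallowed(m)]


if __name__ == "__main__":
    print("before:", disallowed_macs(BEFORE))
    print("after: ", disallowed_macs(AFTER))
```

An empty list means no SHA-1 based MAC is enabled; a missing `MACs:` section raises instead of passing silently.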



  • 5.  RE: Aruba Switch SSH How To Remove Deprecated Macs

    EMPLOYEE
    Posted Jul 28, 2022 05:40 AM
    10.06.0110 is quite old; see if you can upgrade it at least to the latest maintenance version on 10.08 or 10.09.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------