Comware

  • 1.  HP 5500 Disable SSH CBC and Weak MAC algorithm

    Posted Mar 02, 2021 08:58 PM

    Hi,

    Is there any way to disable SSH CBC mode ciphers and weak MAC algorithms on an HP 5500-24G-PoE+-4SFP HI device running Version 5.20.99, Release 5501P28? I have found some documentation for other platforms; however, it does not work for this specific device (the document I found is https://support.hpe.com/hpesc/public/docDisplay?docId=sf000021510en_us&docLocale=en_US).

    Thanks in advance!



  • 2.  RE: HP 5500 Disable SSH CBC and Weak MAC algorithm

    Posted Mar 02, 2021 09:33 PM

    Hello,

    The document which you have mentioned is for Comware 7; however, your device is running Comware 5.

    Are you not getting the 'ssh2 ?' command on the switch?

    Thanks!



  • 3.  RE: HP 5500 Disable SSH CBC and Weak MAC algorithm

    Posted Mar 02, 2021 09:52 PM

    Hi,

    Thanks for helping me on this. Exactly, I tried those commands knowing that I am running a different OS and hardware; however, it has been the only documentation I have found thus far. The ssh2 command is not an option in the "system-view" mode. There is an option in the global mode; however, it is used to connect to a remote server, not to change local device SSH settings.



  • 4.  RE: HP 5500 Disable SSH CBC and Weak MAC algorithm

    Posted Mar 02, 2021 11:16 PM

    Hi @Juancho1986CR 

    Unfortunately, you cannot disable SSH CBC mode ciphers and weak MAC algorithms on COM5 devices. It's a limitation of COM5 devices.



  • 5.  RE: HP 5500 Disable SSH CBC and Weak MAC algorithm

    Posted Mar 03, 2021 09:50 AM

    Hi,

    Thanks for the update. That is a bummer. Do you happen to know if there is any documentation where this is indicated? I am handling this situation for a customer and it would be of much help for me if there is something I can share with him.



  • 6.  RE: HP 5500 Disable SSH CBC and Weak MAC algorithm

    Posted Mar 03, 2021 06:06 PM

    Hello,

    There is no specific document for this.

    If the customer really wants to avoid those vulnerabilities, then log a case with HPE support. The product team will help you with a feature enhancement to introduce the ssh2 command.
    HPE Support Center portal:

    https://support.hpe.com/hpesc/public/home/

    Thanks!
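
Since the thread ends without vendor documentation to hand to the customer, one way to record what a switch actually offers is to parse the server's SSH_MSG_KEXINIT payload (sent in cleartext, so it can be taken from a packet capture of a login to the device) and list the CBC ciphers and weak MACs in it. This is an added example, not code from the thread or from HPE; the function names, the `WEAK_MACS` set and the sample offer are assumptions constructed for illustration.

```python
import struct

# Name-list order in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumption: MAC names treated as weak here (MD5-based or 96-bit tags).
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}

def parse_kexinit(payload):
    """Split an SSH_MSG_KEXINIT payload into its ten name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += n
    return lists

def audit(payload):
    """Return the CBC ciphers and weak MACs offered in either direction."""
    lists = parse_kexinit(payload)
    ciphers = set(lists["enc_c2s"] + lists["enc_s2c"])
    macs = set(lists["mac_c2s"] + lists["mac_s2c"])
    return {"cbc_ciphers": sorted(c for c in ciphers if "-cbc" in c),
            "weak_macs": sorted(macs & WEAK_MACS)}

def build_kexinit(lists):
    """Build a sample payload for the demo (constructed, not captured)."""
    body = b"\x14" + bytes(16)
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)

# Constructed server offer for illustration; not output from the HP 5500.
SAMPLE = build_kexinit({
    "enc_c2s": ["aes128-cbc", "3des-cbc", "aes128-ctr"],
    "enc_s2c": ["aes128-cbc", "3des-cbc", "aes128-ctr"],
    "mac_c2s": ["hmac-sha1", "hmac-sha1-96", "hmac-md5"],
    "mac_s2c": ["hmac-sha1", "hmac-sha1-96", "hmac-md5"]})

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result for both keys after a firmware or configuration change is the evidence the audit finding asks for; on the sample offer both lists are non-empty.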