Hello Sanjib,
Just tested on switch in my lab with 8320 on 10.08.1060 and can confirm it is working.
8320(config)# show ssh ser
SSH server configuration on VRF default :
IP Version : IPv4 and IPv6 SSH Version : 2.0
TCP Port : 22 Grace Timeout (sec) : 60
Max Auth Attempts : 6
Ciphers:
chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr,
aes128-gcm@openssh.com,
aes256-gcm@openssh.comHost Key Algorithms:
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
ssh-ed25519, rsa-sha2-256, rsa-sha2-512, ssh-rsa
Key Exchange Algorithms:
curve25519-sha256,
curve25519-sha256@libssh.org, ecdh-sha2-nistp256,
ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256,
diffie-hellman-group16-sha512, diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
MACs:
hmac-sha2-256-etm@openssh.com,
hmac-sha2-512-etm@openssh.com,
hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
Public Key Algorithms:
rsa-sha2-256, rsa-sha2-512, ssh-rsa, ecdsa-sha2-nistp256,
ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519,
x509v3-rsa2048-sha256, x509v3-ssh-rsa, x509v3-sign-rsa,
x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384,
x509v3-ecdsa-sha2-nistp521
8320(config)# ssh mac
hmac-sha1
hmac-sha1-96
hmac-sha1-etm@openssh.comhmac-sha2-256
hmac-sha2-256-etm@openssh.comhmac-sha2-512
hmac-sha2-512-etm@openssh.com<cr>
8320(config)# ssh mac hmac-sha2-256
8320(config)# show ssh ser
SSH server configuration on VRF default :
IP Version : IPv4 and IPv6 SSH Version : 2.0
TCP Port : 22 Grace Timeout (sec) : 60
Max Auth Attempts : 6
Ciphers:
chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr,
aes128-gcm@openssh.com,
aes256-gcm@openssh.comHost Key Algorithms:
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
ssh-ed25519, rsa-sha2-256, rsa-sha2-512, ssh-rsa
Key Exchange Algorithms:
curve25519-sha256,
curve25519-sha256@libssh.org, ecdh-sha2-nistp256,
ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256,
diffie-hellman-group16-sha512, diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
MACs:
hmac-sha2-256
Public Key Algorithms:
rsa-sha2-256, rsa-sha2-512, ssh-rsa, ecdsa-sha2-nistp256,
ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519,
x509v3-rsa2048-sha256, x509v3-ssh-rsa, x509v3-sign-rsa,
x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384,
x509v3-ecdsa-sha2-nistp521
8320(config)#
Hope this helps!
------------------------------
-Alex-
------------------------------
Original Message:
Sent: Jul 28, 2022 04:21 AM
From: sanjib behera
Subject: Aruba Switch SSH How To Remove Deprecated Macs
Hi After using this command i am not getting the hmac-sha1-96 removed from my SSH Mac list.
It is still present.
------------------------------
Sanjib Behera
Highradius
Original Message:
Sent: Jul 28, 2022 03:59 AM
From: Alexander Maroukian
Subject: Aruba Switch SSH How To Remove Deprecated Macs
Hello Sanjib,
You may use the following comnmands to set up the SSH security (links with commands explained):
ssh ciphers
ssh host-key-algorithms
ssh key-exchange-algorithms
ssh public-key-algorithms
You can check the commands also on the link below:
https://www.arubanetworks.com/techdocs/AOS-CX/10.06/HTML/5200-7724/index.html#GUID-4E91622C-FF5B-4318-9F4E-7F903F90A73F.html
Hope this helps!
------------------------------
-Alex
Original Message:
Sent: Jul 27, 2022 09:44 AM
From: sanjib behera
Subject: Aruba Switch SSH How To Remove Deprecated Macs
Hi Team,
Can anyone help me with this, I have an Aruba 8320 Switch running onTL.10.06.0110 version. I need to remove "hmac-sha1-96" from the SSH server.
Please anyone guide me through the steps to make this done.
Thanks
Sanjib Behera
------------------------------
Sanjib Behera
Highradius
------------------------------