HPE Community
BladeSystem - General
1752577 Members
4224 Online
108788 Solutions
New Discussion

Is it possible to disable ssh login in HPE Virtual connect FlexFabric 10G/24 Module

 
vinothsaran
Occasional Contributor

‎10-14-2017 09:39 PM

‎10-14-2017 09:39 PM

Is it possible to disable ssh login in HPE Virtual connect FlexFabric 10G/24 Module

Hi All,

i have 4 HPE Virtual connect FlexFabric 10G/24 Module's in my environment , i have patched the latest VC firmware 4.60  to fix SSH Server CBC Mode Ciphers Enabled  but it  fixes only 3des-cbc,blowfish-cbc and rest of the things are not fixed 

aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se

 cast128-cbc

Here is my questions 

1. is there any ssh configuration file in VC to disable the above encryption algorithms 

2. if there is no ssh configuration file in VC is it possible to  disable  ssh login in VC

It would be highly appreciated if you could help me on this.

Thanks and Regards

Vinothsaran

0 Kudos
Reply
7 REPLIES 7
RR33
HPE Pro

‎01-31-2018 01:12 AM - last edited a month ago by

‎01-31-2018 01:12 AM - last edited a month ago by

Re: Is it possible to disable ssh login in HPE Virtual connect FlexFabric 10G/24 Module

 

There will NOT be any specific files in VC for SSH.

Try using these for more details https://www.hpe.com/h41268/live/index_e.aspx?qid=11503 and https://techhub.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

[Moderator edit: Updated the broken link. Please refer to https://support.hpe.com/]

 

I am a HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
ronaldng
Senior Member

‎03-13-2024 12:18 AM

‎03-13-2024 12:18 AM

Re: Is it possible to disable ssh login in HPE Virtual connect FlexFabric 10G/24 Module

unable to access the links you provided.  please help.  and any method can disable ssh?  Please help! The customer keeps tracing me. Thanks in advance. 

0 Kudos
Reply
Greeshma21
HPE Pro

‎03-13-2024 01:41 AM

‎03-13-2024 01:41 AM

Re: Is it possible to disable ssh login in HPE Virtual connect FlexFabric 10G/24 Module

Hi @vinothsaran 

Please refer to the HPE Virtual Connect Manager Command Line
Interface for c-Class BladeSystem User Guide. It might help you!

Regards,
Greeshma

I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
ronaldng
Senior Member

‎03-13-2024 02:28 AM

‎03-13-2024 02:28 AM

Re: Is it possible to disable ssh login in HPE Virtual connect FlexFabric 10G/24 Module

Hi Greeshma, Thanks but from user guide only show ssh command is related to ssh but seems none of them is related to disable the ssh daemon and disallow people to run ssh to access VCM.  Thanks. 

0 Kudos
Reply
Greeshma21
HPE Pro

‎03-13-2024 03:43 AM

‎03-13-2024 03:43 AM

Re: Is it possible to disable ssh login in HPE Virtual connect FlexFabric 10G/24 Module

Hi @ronaldng 

SSH is disabled when Two-Factor or CAC Authentication is enabled.
Please refer to the document for reference.

Regards,
Greeshma

I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
ronaldng
Senior Member

‎03-13-2024 05:00 AM

‎03-13-2024 05:00 AM

Re: Is it possible to disable ssh login in HPE Virtual connect FlexFabric 10G/24 Module

Hi Greeshma, is it only on OA or VCM also? Because I can see only OA has such configuration.  Please advise. 

0 Kudos
Reply
Greeshma21
HPE Pro

‎03-13-2024 05:53 AM

‎03-13-2024 05:53 AM

Re: Is it possible to disable ssh login in HPE Virtual connect FlexFabric 10G/24 Module

Hi @ronaldng 

Yes, the link mentioned in my post above is for OA.  

     For Virtual Connect, we can only remove the custom SSH keys which are applied by the command 'remove ssh'. 

     Please refer to the document. (page no. 197). 

     Even this document has the command to set the cbc-cipher enabled/disabled for the VC. The command is "set ssh cbc-cipher=<enabled|disabled>"

Regards,
Greeshma

I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.