Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

HP 5500 Disable SSH CBC and Weak MAC algorithm

 
Juancho1986CR
Occasional Advisor

HP 5500 Disable SSH CBC and Weak MAC algorithm

Hi,

Is there any way to disable SSH CBC mode ciphers and weak MAC Algorithms in a HP 5500-24G-PoE+-4SFP HI device running Version 5.20.99, Release 5501P28. I have found some documentation for other platforms however it does not work for this specific device (the documento I found is https://support.hpe.com/hpesc/public/docDisplay?docId=sf000021510en_us&docLocale=en_US).

 

Thanks in advance!

5 REPLIES 5
akg7
HPE Pro

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hello,

The docuemnt which you have mentioned is for comware 7 owever your device is running on comware 5.

 Are you not getting 'ssh2 ?' command in the switch?

Thanks!

I am an HPE Employee

Accept or Kudo

Juancho1986CR
Occasional Advisor

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hi,

Thanks for helping me on this. Exactly, I tried those commands knowing that I am running a different OS and hardware, however it has been the only documentation I have found thus far. The ssh2 command is not an option in the "system-view" mode, there is an option in the global mode however it is used to connect to a remote server not to change local device SSH settings.

jmpk
HPE Pro

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hi @Juancho1986CR 

Unfortunately you cannot disable SSH CBC mode ciphers and weak MAC Algorithms in COM5 devices. Its a limitation in COM5 devices. 


I work for HPEAccept or Kudo
Juancho1986CR
Occasional Advisor

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hi,

Thanks for the update. That is a bummer, do you happen to know if there is any documentation where this is indicated? I am handling this situation for a customer and it would be of much help for me if there is something I can share with him.

akg7
HPE Pro

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hello,

There are no specific document for this.

If customer really want to avoid those vulnerabilites then log a case with HPE support.  Product team help you for feature enhancement to introduce ssh2 command:
HPE Support Center portal:

https://support.hpe.com/hpesc/public/home/

Thanks!

I am an HPE Employee

Accept or Kudo