HPE Community
Comware Based
1820290 Members
2880 Online
109622 Solutions
New Discussion

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

 
Juancho1986CR
Advisor

‎03-02-2021 05:58 PM

‎03-02-2021 05:58 PM

HP 5500 Disable SSH CBC and Weak MAC algorithm

Hi,

Is there any way to disable SSH CBC mode ciphers and weak MAC Algorithms in a HP 5500-24G-PoE+-4SFP HI device running Version 5.20.99, Release 5501P28. I have found some documentation for other platforms however it does not work for this specific device (the documento I found is https://support.hpe.com/hpesc/public/docDisplay?docId=sf000021510en_us&docLocale=en_US).

 

Thanks in advance!

0 Kudos
5 REPLIES 5
akg7
HPE Pro

‎03-02-2021 06:32 PM

‎03-02-2021 06:32 PM

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hello,

The docuemnt which you have mentioned is for comware 7 owever your device is running on comware 5.

 Are you not getting 'ssh2 ?' command in the switch?

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the companyAccept or Kudo
Juancho1986CR
Advisor

‎03-02-2021 06:51 PM

‎03-02-2021 06:51 PM

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hi,

Thanks for helping me on this. Exactly, I tried those commands knowing that I am running a different OS and hardware, however it has been the only documentation I have found thus far. The ssh2 command is not an option in the "system-view" mode, there is an option in the global mode however it is used to connect to a remote server not to change local device SSH settings.

0 Kudos
jmpk
HPE Pro

‎03-02-2021 08:16 PM

‎03-02-2021 08:16 PM

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hi @Juancho1986CR 

Unfortunately you cannot disable SSH CBC mode ciphers and weak MAC Algorithms in COM5 devices. Its a limitation in COM5 devices. 


I work for HPEAccept or Kudo
Juancho1986CR
Advisor

‎03-03-2021 06:50 AM

‎03-03-2021 06:50 AM

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hi,

Thanks for the update. That is a bummer, do you happen to know if there is any documentation where this is indicated? I am handling this situation for a customer and it would be of much help for me if there is something I can share with him.

0 Kudos
akg7
HPE Pro

‎03-03-2021 03:05 PM

‎03-03-2021 03:05 PM

Re: HP 5500 Disable SSH CBC and Weak MAC algorithm

Hello,

There are no specific document for this.

If customer really want to avoid those vulnerabilites then log a case with HPE support.  Product team help you for feature enhancement to introduce ssh2 command:
HPE Support Center portal:

https://support.hpe.com/hpesc/public/home/

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the companyAccept or Kudo
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.