Forum Discussion
Mate_132781
Cirrostratus
Hi,
I have BIG-IP 11.6 and looks like that theese two commands (for MACs and ciphers) are mutually exclusive, for example, if I enter:
modify sys sshd include "MACs hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com"
save sys config partitions all
restart sys service sshd
Configuration of SSH deamon looks like:
sys sshd {
banner enabled
banner-text "Any unauthorized access is strictly prohibited
and will be prosecuted to the full extent of
applicable local and international law.
All access is monitored."
inactivity-timeout 900
include "MACs hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com"
log-level verbose
}
If after that I enter:
modify sys sshd include "Ciphers aes128-ctr,aes192-ctr,aes256-ctr"
save sys config partitions all
restart sys service sshd
Configuration looks like:
sys sshd {
banner enabled
banner-text "Any unauthorized access is strictly prohibited
and will be prosecuted to the full extent of
applicable local and international law.
All access is monitored."
inactivity-timeout 900
include "Ciphers aes128-ctr,aes192-ctr,aes256-ctr"
log-level verbose
}
How can I change ciphers and MACs together, because I need to disable CBC encryption anf MD5 and 96-bit MAC algorithms?
refra_151287
Sep 15, 2015Cirrus
Hi Mate, It's really what happened with me, but after doing the performing PenTest again, I found the changes happened, you can check that and feedback us.