Monday, October 2, 2017

HOWTO disable CBC ciphers in Junos SRX for SSH

JunOS
Version 15.1X49-D50.3

Here's how to disable cipher block chaining (CBC) mode ciphers for SSHv2 on a JunOS SRX.


You can disable these in the CLI using the following commands.

 



Then test whether CBC is still allowed after reconfiguring.
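One way to script that check, as an added example that is not from the original post: it reads `ssh -vv` debug output and lists any CBC ciphers the server still proposes. It assumes an OpenSSH client that labels the "local client" and "peer server" KEXINIT proposals; the function names, host name, and sample debug lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report CBC ciphers that an SSH
# server still proposes, read from `ssh -vv` debug output on stdin.
# Live use (host and user are placeholders; debug output goes to stderr):
#   ssh -vv -o BatchMode=yes admin@srx.example.net exit 2>&1 | audit_ssh_debug

# Print the CBC ciphers in the peer's KEXINIT proposal, one per line.
# The client's own proposal is skipped: it may list CBC even when the server does not.
server_cbc_ciphers() {
    awk '
        /local client KEXINIT proposal/ { peer = 0; next }
        /peer server KEXINIT proposal/  { peer = 1; next }
        peer && /ciphers (ctos|stoc):/ {
            sub(/^.*ciphers (ctos|stoc): */, "")
            sub(/\r$/, "")
            n = split($0, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /-cbc$/ || c[i] ~ /-cbc@/) print c[i]
        }
    ' | LC_ALL=C sort -u
}

# Exit status 0 when the server proposes no CBC cipher, 1 otherwise.
audit_ssh_debug() {
    found=$(server_cbc_ciphers)
    if [ -n "$found" ]; then
        printf 'CBC still offered: %s\n' "$(echo "$found" | tr '\n' ' ')"
        return 1
    fi
    echo 'no CBC ciphers offered'
}

# Constructed sample: server proposal before hardening (CBC present).
sample_before() { cat <<'EOF'
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
EOF
}

# Constructed sample: server proposal after CBC has been disabled.
sample_after() { cat <<'EOF'
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr
EOF
}

sample_before | audit_ssh_debug || true
sample_after | audit_ssh_debug
```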







That's all that's required to lock down the Junos SRX firewall against weaker SSH ciphers. You would think by now the security vendors would set the default to be CTR-based ciphers and require you to actually enable CBC mode if so desired.

Read more in one of my previous blog posts:

http://socpuppet.blogspot.com/2013/04/ssh-and-ciphers-tipstricks.html



Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 


        /  \
