Version 15.1X49-D50.3
Here's how to disable cipher block chaining (CBC) mode ciphers for SSHv2 on a JunOS SRX.
You can disable these in the CLI using the following commands.
Then test whether CBC is still allowed after reconfiguring.
That's all that's required to lock down the JunOS SRX firewall against weaker SSH ciphers. You would think by now the security vendors would set the default to be CTR-based ciphers and require you to actually enable CBC mode if so desired.
Read more in one of my previous blog posts:
http://socpuppet.blogspot.com/2013/04/ssh-and-ciphers-tipstricks.html
Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com