Print Page | Close Window

Linux v7 SSH issue

Printed From: Rocket Software
Category: AccuTerm Knowledge Base (read only)
Forum Name: Connectivity
Forum Description: Questions about serial, modem, telnet and secure shell connections?
URL: https://forum.asent.com/forum_posts.asp?TID=2716
Printed Date: March 28 2024 at 12:11pm
Software Version: Web Wiz Forums 12.03 - http://www.webwizforums.com


Topic: Linux v7 SSH issue
Posted By: JTeter
Subject: Linux v7 SSH issue
Date Posted: May 03 2019 at 2:57pm
We are installing new Linux boxes with version 7 and as a part of hardening the boxes, we have lost connectivity through AccuTerm. It's been identified as the following line in the 'sshd_config' file: 

# Supported MACs | CIS 5.2.11
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Apparently, AccuTerm is not yet able to handle the encryption schemes for these items. We have done a temporary fix by commenting out the "MACS" line but need to get the permanent fix in before we can use these hardened servers with AccuTerm in production.

Any timeline for delivering the SSH update that's been mentioned in previous posts?

Thanks!




Replies:
Posted By: TonyG
Date Posted: May 03 2019 at 3:19pm
To be clear, which "v7" are you using, and which "Linux" distro and version?

I've been using v7.4a against the latest Linux Ubuntu and CentOS with no issues.

-------------
Tony Gravagno Nebula Research & Development
TG@ Nebula-RnD . com
http://Nebula-RnD.com/blog
http://Twitter.com/TonyGravagno
http://groups.google.com/group/mvdbms
https://www.linkedin.com/groups/64935


Posted By: wwf_admin
Date Posted: May 06 2019 at 6:17pm
Hi Jeff -

We have a 7.4 release available which includes the newer MAC algorithms, but it is not the default download on the web site, because it requires a new 3-part license key, and AccuTerm Maintenance. Users who inadvertently downloaded this release were unable to use their old 2-part license keys leading to frustration, so 7.4 is an optional upgrade specifically for those needing updated encryption. Please contact Jill to confirm your license key and she can get you the 7.4 download link (jillo at zumasys dot com).
Thanks, Pete


Posted By: JTeter
Date Posted: May 07 2019 at 1:51pm
Tony,

Here's our current version info:
Operating System: Red Hat Enterprise Linux
     CPE OS Name: cpe:/o:redhat:enterprise_linux:7.6:GA:server

Our NetOps folks are doing things to 'harden' our servers and this particular item has popped up. Looks like there is a fix available.



Posted By: TonyG
Date Posted: May 07 2019 at 2:00pm
Yeah, we're on the same page. I went through a similar effort recently, as discussed in another thread here. The latest AccuTerm does include the latest algorithms, which I've verified as functional, and I believe older insecure ones have been deprecated or removed.
You're in a good place. Good luck!!

-------------
Tony Gravagno Nebula Research & Development
TG@ Nebula-RnD . com
http://Nebula-RnD.com/blog
http://Twitter.com/TonyGravagno
http://groups.google.com/group/mvdbms
https://www.linkedin.com/groups/64935



Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.03 - http://www.webwizforums.com
Copyright ©2001-2019 Web Wiz Ltd. - https://www.webwiz.net