About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Question & Answer
Question
HMC has SSH Weak ciphers "arcfour,arcfour128,arcfour256".
Cause
You may have run a security scan or your auditor may have highlighted that "SSH Weak Algorithms Supported" and you would like to address them.
"The following Weak server-to-client encryption algorithms are supported : arcfour,arcfour128,arcfour256".
Answer
- Run lshmcencr to list ssh ciphers:
lshmcencr -c ssh -t c << to list current ciphers in play.
lshmcencr -c ssh -t a << to list available ciphers.
- As hscroot run these commands to remove ciphers for ssh:
chhmcencr -c ssh -o r -e arcfour
chhmcencr -c ssh -o r -e arcfour128
chhmcencr -c ssh -o r -e arcfour256
- Reboot HMC afterwards , to apply the changes.
- After rebooting run "lshmcencr -c ssh -t c" again.
- Then submit this HMC for a RESCAN of the Vulnerability tool, those acrfour's should be disabled.
[{"Product":{"code":"SWG10","label":"AIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"}],"Version":"Not Applicable","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
Was this topic helpful?
Document Information
More support for:
AIX
Software version:
Not Applicable
Operating system(s):
AIX
Document number:
632613
Modified date:
17 June 2018
UID
isg3T1026093
Manage My Notification Subscriptions