Go to All Forums

On-Premise Poller - SSH Weak Algorithms Supported

Within our company, we run active scans against all systems.  On all the Windows servers that is used as on-premise pollers, we run into the following:

 

This is showing up on versions 5.1.0, 4.6.3, and 5.0.0.  Is there a way to edit the config and/or registry to remove those weak algorithms or on the next update, is there plans to make it more secure?  If so, can you provide a date that is planned so I can put in an exception request for all the servers instead of removing it?

Like (4) Reply
Replies (3)

Re: On-Premise Poller - SSH Weak Algorithms Supported

Hi csheppard,

Thanks for bringing this up. We are already working to remove the weak algorithms. Please follow this thread for further updates.

Regards,

Krishna.

Like (0) Reply

Re: Re: On-Premise Poller - SSH Weak Algorithms Supported

 

Dear Sheppard,

     We have stopped the problematic service that started in on-premise poller. 

In general to remove weak algorithms follow these steps

Ensure that the On-Premise Poller is of version 4.6.9 or above.  If not, please update the On-Premise Poller to the latest version by navigating to Admin > On-Premise Poller and then hover over the hamburger icon on the right corner of the selected poller. Then click Upgrade and wait for a few mins for it to be upgraded.
  1. Navigate to the On-Premise Poller installed directory in your system and then open the conf folder.

  2. Right-click on the EUMServer.properties file and open it in any text editor. Use the below keys to disable the algorithms in the file. Be careful not to modify any existing keys in the EUMServer.properties file:          

    1. ftp.exclude.kex.alg

    2. ftp.exclude.ciphers

    3. ftp.exclude.hamcs

    4. ftp.exclude.public.key.alg

    5. ftp.exclude.digest

For instance, to exclude "diffie-hellman-group-exchange-sha256" from KEX and "hmac-sha256" & "hmac-sha2-256-96" from HAMCs, change the value of the keys "ftp.exclude.kex.alg"and "ftp.exclude.hamcs" provide the keys as mentioned below: 
                     ftp.exclude.hamcs=hmac-sha256, hmac-sha2-256-96
                     ftp.exclude.kex.alg=diffie-hellman-group-exchange-sha256

# Provide a comma-seperated list of algorithms to be excluded.
#Supported Key Exchange Algorithm : diffie-hellman-group-exchange-sha256, diffie-hellman-group18-sha512, diffie-hellman-group17-sha512, diffie-hellman-group16-sha512, diffie-hellman-group15-sha512, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1ftp.exclude.kex.alg=diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256

#Supported Ciphers : ssh1-des, ssh1-3des, aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, 3des-cbc, blowfish-cbc, aes128-cbc, aes192-cbc, aes256-cbc, arcfour, arcfour128, arcfour256, aes128-gcm@openssh.com, aes256-gcm@openssh.comftp.exclude.ciphers=aes192-ctr, aes256-ctr

#Supported HMAC : hmac-sha256, hmac-sha2-256-96, hmac-sha512, hmac-sha2-512-96, hmac-sha1, hmac-sha1-96, hmac-ripemd160, hmac-md5, hmac-md5-96 ftp.exclude.hamcs=hmac-sha256, hmac-sha2-256-96


#Supported Public Key : ssh-dss, ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss, x509v3-sign-rsa-sha1, x509v3-ssh-rsa, x509v3-ssh-dss, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, x509v3-rsa2048-sha256, ssh-rsa-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519 ftp.exclude.public.key.alg=x509v3-sign-rsa, x509v3-sign-dss

#Supported Digest : MD5, SHA-1, SHA1, SHA-256, SHA-384, SHA-512

ftp.exclude.digest=SHA1, SHA-256
3. Restart the On-Premise Poller to get the changes updated.
 
 

-Jasper

Site24x7, PM

 

Like (0) Reply

Re: Re: Re: On-Premise Poller - SSH Weak Algorithms Supported

Thank you!  I will work on this today and run a remediation scan to make sure it clears.

Like (0) Reply

Was this post helpful?