08-28-2023 02:09 PM
Hi, I am having problems with pushing log files to a Server running RHEL 9. In the ssh log on the server i see this here
fatal: mm_answer_sign: sign: error in libcrypto
I believe the OpenSSH Version from the ESA server (OpenSSH_7.3) is not compatible with the Server SSH-2.0-OpenSSH_8.7. I have the possibility to modify the config on the server for the ESA server by configuring the settings in .ssh/config file. I did this already by setting the HostKeyAlgorithms, PubkeyAcceptedKeyTypes, PubkeyAcceptedAlgorithms. This helped already but I still need the KexAlgorithms and MACs the ESA server using.
Host 10.1.64.11
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
KexAlgorithms
MACs
Does anybody know what those settings should be?
thanks
Alex
08-28-2023 02:13 PM
check this may help you :
08-28-2023 02:31 PM
Hi BB,
thanks for the link. I've read this before. I am worry a bit enabling SHA1 system wide on the server since SHA1 was officially declared insecure by the National Institute of Standards and Technology (NIST) in 2011. I also don't understand why Cisco I still running OpenSSL Version 7, which has a lot of vulnerabilities, on a system like ESA.
I would prefer to configure it host based rather than system wide.
Best regards
Alex
08-29-2023 08:31 AM
then you seen uplift your certs to meet the requirement
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide