What exactly is being encrypted that causes a problem?
We need to see what is causing the problem, not what you believe will fix it. Please help us to help you.
Thanks for the showing interest in resolving my issue actually I cannot login into this server due to some restriction but I need to provide the solution to disable it. This is recommeded by audit team, please find below link
These are related to security issue. I am not able to find anything exactly related to disabling these for Solaris . Further I am able to find out only one solution on IBM/HPE site. I hope these will help you in finding the exact answer from Solaris point of view.
what version of Solaris has this issue? If you patched the system regularly this this was resolved in 2009.
These patches fix the problem:
Code:
Sparc:
Solaris 9 without patch 122300-38
Solaris 10 without patch 140774-02
x86 Platform:
Solaris 9 without patch 122301-38
Solaris 10 without patch 140775-02
If you have Oracle support contact them for help. You will have to have support anyway to get access to any patches. I do not think V9 patches are available anymore - maybe someone else knows more about v9 patches. At any rate the correct way to fix these issues is with a patch.
If I understand correctly:
You do not want to disable encryption. Period. Unless a misguided auditor tells you to do this in writing. You could be out of a job quickly.
Here is why: ssh may not talk to any other ssh client or server. The sshd.conf file specifies what encryption you use - the default for Solaris 10 was AES128, IRRC, for example.
So what Solaris version do you have, please show the output of:
Well I logged this issue here because I wanted to know if someone has already gone
through this issue & looking forward to disable specific CBC-mode ciphers only where have issues as I new that disabling all the CBC mode cipher might bring unpredictable results. So now finally even I have decided to go for higher version patch need to be installed for this issue to be resolved.
As far as Disabling 96-bit HMAC And MD5-based HMAC Algorithms are concern, I recently find the solution which is by adding "MACs hmac-sha1" to /etc/ssh/sshd_config & then restart the SSH service. & I believe , there is no patching required in this case.
MAC defaults are mention in man page of sshd_config
Hi,
As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
To do this, in sshd_config I comment out these lines :
Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS hmac-sha1,hmac-md5
and add... (9 Replies)
Hi,
I did some NIS migration tests recently.
The target is to migrate the NIS server from Solaris 8 to Redhat Linux 6.5.
And, I found there are encryption issues while Linux NIS using MD5 hashing password for authentication whereas Solaris 8 clients using DES encryption.
It causes issues... (3 Replies)
Hi all,
I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS.
For example: when A wants to send file to B
A will encrypt the file with B's computer MAC/IP address as an encryption key
This file can only be decrypted... (2 Replies)
Hello,
I recently had a Retina scan of my system and there are some findings I do not understand.
SSL Week Cipher Strength Supported - Retina has detected that the targeted SSL Service supports a cryptographically weak cipher strength... Disable ciphers that support less than 128-bit... (4 Replies)
is there patches enable passwords of greater than 8 characters with only md5 encryption (rather than the older crypt) for solaris 8.
I am migrating a number of solaris 8 domains to branded zones. (1 Reply)
Hi,
Hi I have setup Websphere Portal and Apache server on Solaris.
The problem is that clients are allowed to negotiate lower encryption levels and by default the Websphere Apache HTTP server accepts 56-bit keys (your Firefox client requested 256-bit AES below).
So How to disable... (0 Replies)
Is it possible to change the type of encryption from MD5 to DES without removing a user?
Way back when this server was created, users were created with the MD5 encryption. Now, all users created with DES encryption. Is it possible to just change the type of password encryption? Users using... (1 Reply)
