Configure SSH - Basic Settings


    In Firewall Analyzer, you can use SSH to communicate with your firewall and other security devices. But SSH has vulnerabilities, which can be avoided with the following configuration:

    Blocked Ciphers

    • 3des-ctr
    • aes128-ctr
    • 3des-cbc
    • blowfish-cbc
    • aes128-cbc
    • arcfour
    • arcfour128

    All the selected ciphers will be blocked when you use SSH in Firewall Analyzer.

    Allowed Key Exchanges

    • diffie-hellman-group14-sha1
    • diffie-hellman-group1-sha1
    • diffie-hellman-group-exchange-sha1
    • diffie-hellman-group-exchange-sha256
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521

    Only the selected key exchanges will be allowed when you use SSH in Firewall Analyzer.

    Blocked HMACs

    • hmac-md5
    • hmac-md5-etm@openssh.com
    • hmac-sha1
    • hmac-sha1-etm@openssh.com
    • hmac-md5-96
    • hmac-sha1-96
    • hmac-sha256
    • hmac-sha2-256
    • hmac-sha256@ssh.com
    • hmac-sha2-256-etm@openssh.com
    • hmac-sha2-256-96
    • hmac-sha512
    • hmac-sha2-512
    • hmac-sha512@ssh.com
    • hmac-sha2-512-etm@openssh.com
    • hmac-sha2-512-96
    • hmac-ripemd160
    • hmac-ripemd160@openssh.com
    • hmac-ripemd160-etm@openssh.com

    All the selected HMACs will be blocked when you use SSH in Firewall Analyzer.

    Note: An IA server restart is required for these settings to take effect.
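
    Before restarting, it helps to check that each managed device will still have at least one cipher, key exchange and HMAC left to negotiate. The following is an added example, not Firewall Analyzer code: it models the block-list and allow-list semantics described above against device offers. The policy selection, device names and advertised algorithm lists are constructed, and the SSH client's own supported algorithms are not modelled.

```python
# Added example; the policy selection and device offers are constructed.
# Per the page: ciphers and HMACs are block-lists, key exchanges are an allow-list.
BLOCKED_CIPHERS = {"3des-ctr", "3des-cbc", "blowfish-cbc", "aes128-cbc",
                   "arcfour", "arcfour128"}
ALLOWED_KEX = {"diffie-hellman-group-exchange-sha256", "ecdh-sha2-nistp256",
               "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"}
BLOCKED_MACS = {"hmac-md5", "hmac-md5-etm@openssh.com", "hmac-md5-96",
                "hmac-sha1", "hmac-sha1-etm@openssh.com", "hmac-sha1-96"}

# Constructed offers: what each device's SSH server advertises, in preference order.
DEVICES = {
    "legacy-fw": {"ciphers": ["aes128-cbc", "3des-cbc"],
                  "kex": ["diffie-hellman-group1-sha1",
                          "diffie-hellman-group14-sha1"],
                  "macs": ["hmac-sha1", "hmac-md5"]},
    "modern-fw": {"ciphers": ["aes256-ctr", "aes128-ctr"],
                  "kex": ["curve25519-sha256", "ecdh-sha2-nistp256"],
                  "macs": ["hmac-sha2-256", "hmac-sha2-512"]},
}


def surviving(offer):
    """Apply the policy to one device offer, keeping the device's order."""
    return {
        # Block-list: anything not selected passes, including unlisted names.
        "ciphers": [a for a in offer["ciphers"] if a not in BLOCKED_CIPHERS],
        # Allow-list: anything not selected is dropped, including unlisted names.
        "kex": [a for a in offer["kex"] if a in ALLOWED_KEX],
        "macs": [a for a in offer["macs"] if a not in BLOCKED_MACS],
    }


def empty_categories(offer):
    """Categories with nothing left to negotiate; any entry means SSH will fail."""
    return [cat for cat, algs in surviving(offer).items() if not algs]


def audit(devices):
    """Map each device name to the categories the policy leaves empty."""
    return {name: empty_categories(offer) for name, offer in devices.items()}


if __name__ == "__main__":
    for name, missing in audit(DEVICES).items():
        status = "OK" if not missing else "no common " + ", ".join(missing)
        print(f"{name}: {status}")
```

    Note the asymmetry: a cipher that is not in the blocked list (aes256-ctr here) passes, while a key exchange that is not in the allowed list (curve25519-sha256 here) is dropped.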