For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ichnafi's avatar
Ichnafi
Icon for Cirrostratus rankCirrostratus
May 25, 2018

Why only two supported ciphers in ssh_config

Hello everyone, I recently tried to copy a file via scp from a BIG-IP and failed by "not matching ciphers". I had a look into it and stumbled upon the fact, that by default only aes128-cbc and aes2...
application delivery
BIG-IP
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
May 25, 2018

Hi Ichnafi,

 

By default, the sshd configuration does not include a specific set of ciphers or MAC algorithms for BIG-IP and BIG-IQ systems. However you can modify the encryption ciphers or the Message Authentication Code (MAC) algorithms used by the secure shell (SSH):

 

Check this link, it discribe how you can include additionl ciphers https://support.f5.com/csp/article/K80425458

 

hope it responds to your answer.

 

Regards

 

  • Gabriel_Y's avatar
    Gabriel_Y
    Icon for Nimbostratus rankNimbostratus
    Apr 17, 2020

    I applied this process, however is not working for version "BIG-IP 14.1.2".

    edit / sys sshd all-properties

    Change the parameter: 

    include "Ciphers arcfour256, aes256-ctr"

    But instead of change the exist value, it duplicated the line staying as follows:

    Somebody help me how to resolve this, please.