Steps to disable SSH CBC Mode Ciphers on port 2222 in Red Hat Virtualization Manager
Issue
- ovirt-vmconsole enables secure access to virtual machine serial consoles. It uses the SSH protocol to tunnel the console from the customer to the destination host.
- When the nmap utility is run against port 2222, the following CBC mode ciphers are shown as enabled:
# nmap --script ssh2-enum-algos -sV -p 2222 manager.example.com
Starting Nmap 6.40 ( http://nmap.org ) at 2021-07-09 13:44 EDT
Nmap scan report for manager.example.com (10.x.x.x)
Host is up (0.000088s latency).
PORT STATE SERVICE VERSION
2222/tcp open ssh OpenSSH 7.4 (protocol 2.0)
...
| encryption_algorithms (12)
| chacha20-poly1305@openssh.com
| aes128-ctr
| aes192-ctr
| aes256-ctr
| aes128-gcm@openssh.com
| aes256-gcm@openssh.com
| aes128-cbc
| aes192-cbc
| aes256-cbc
| blowfish-cbc
| cast128-cbc
| 3des-cbc
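A way to turn the scan above into a repeatable pass/fail check, so the same command can be re-run after the cipher list is changed. This is an added example, not part of the original article; the function name `cbc_ciphers` and the `SAMPLE` text are constructed for illustration, and the parser accepts both the flattened layout shown above and nmap's normal indented layout.

```python
import re
import sys

# Constructed sample in the flattened layout shown above; kex/mac lines are made up.
SAMPLE = """\
PORT STATE SERVICE VERSION
2222/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh2-enum-algos:
| kex_algorithms (1)
| curve25519-sha256
| encryption_algorithms (4)
| aes256-ctr
| aes256-gcm@openssh.com
| aes128-cbc
| 3des-cbc
| mac_algorithms (1)
| hmac-sha2-256
"""

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\b")
SECTION_RE = re.compile(r"^(\w+):?\s*\(\d+\)$")  # e.g. "encryption_algorithms: (12)"


def cbc_ciphers(nmap_text):
    """Return {port: [CBC-mode ciphers offered]} from ssh2-enum-algos output."""
    found, port, section = {}, None, None
    for raw in nmap_text.splitlines():
        m = PORT_RE.match(raw)
        if m:  # a new port line starts a new result block
            port, section = int(m.group(1)), None
            continue
        if not raw.startswith("|"):  # left the script output
            section = None
            continue
        item = raw.lstrip("|_ \t").strip()
        if SECTION_RE.match(item):
            section = SECTION_RE.match(item).group(1)
        elif section == "encryption_algorithms" and "-cbc" in item and port is not None:
            # "-cbc" anywhere also catches rijndael-cbc@lysator.liu.se
            found.setdefault(port, []).append(item)
    return found


if __name__ == "__main__":
    # Usage: nmap --script ssh2-enum-algos -sV -p 2222 HOST | python3 this_file.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    result = cbc_ciphers(text)
    for p, names in sorted(result.items()):
        print(f"port {p}: CBC ciphers still offered: {', '.join(names)}")
    sys.exit(1 if result else 0)
```

The script exits non-zero while any CBC cipher is still advertised, so it can gate a hardening check in a scheduled job or pipeline.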
Environment
- Red Hat Virtualization 4.3