Use of strong ciphers / MAC algorithms - WeOnlyDo Discussion board

Use of strong ciphers / MAC algorithms (wodSSH / wodSSH.NET)

by sshcipher, Tuesday, August 04, 2020, 14:44 (1323 days ago)

Hi,

I received a question from someone in my company. We're running SSH-2.0-WeOnlyDo-wodFTPD 3.3.0.424, and we are apparently using "weak" ciphers and MAC algorithms (MD5/SHA1 - CBC modes etc). I was wondering if you could provide guidance as to how we can enforce the use of strong ciphers.
Is this a config thing where we edit the conf file, or do we need to update our current version? Would be grateful for all help.

Use of strong ciphers / MAC algorithms

by Jasmine, Tuesday, August 04, 2020, 16:14 (1323 days ago) @ sshcipher

Hi.

Yes, you can use the EncryptionList, HMACList and KeyExchangeList properties and remove or rearrange ciphers on those lists to suit your needs. You cannot add new ones to the list, of course, since they are not implemented by wodFTPServer.

I hope this helps!
Jasmine.

Use of strong ciphers / MAC algorithms

by sshcipher, Wednesday, August 05, 2020, 09:14 (1322 days ago) @ Jasmine

Hi,

Thank you for your reply! It is very appreciated.

I have a follow-up question. When looking at the server in shodan.io it lists hmac-sha1 and hmac-md5 as the available MAC algorithms.

When looking at the wodSSH Help - HMac list I see that more secure algorithms are supported. Does this mean that the server is running an outdated version and should be updated if we want to use for example hmac-sha2-256-etm@openssh.com? Since we cannot add new ones.

Use of strong ciphers / MAC algorithms

by Jasmine, Wednesday, August 05, 2020, 10:27 (1322 days ago) @ sshcipher

Hi.

Yes, it's possible you're using a very old version, so you should update to the latest for stronger ciphers.

Regards,
Jasmine.
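
An added example, not part of the original thread and not WeOnlyDo code: after trimming the lists or updating, one way to confirm what a server advertises is to parse its SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and flag the MD5/SHA-1 MACs and CBC-mode ciphers mentioned above. The payload here is constructed for the demo, and `parse_kexinit`, `is_weak`, `audit` and `build_sample` are hypothetical names.

```python
import struct

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (binary packet framing already removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip the message type byte and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (n,) = struct.unpack_from(">I", payload, pos)  # uint32 list length
        if pos + 4 + n > len(payload):
            raise ValueError("truncated KEXINIT")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += 4 + n
    return out

def is_weak(field: str, alg: str) -> bool:
    """Policy taken from the thread: MD5/SHA-1 MACs and CBC-mode ciphers."""
    if field.startswith("mac"):
        return "md5" in alg or "sha1" in alg
    if field.startswith("enc"):
        return alg.endswith("-cbc")
    return False

def audit(payload: bytes) -> dict:
    """Return {field: [weak algorithms]} for every field that offers any."""
    hits = {f: [a for a in algs if is_weak(f, a)]
            for f, algs in parse_kexinit(payload).items()}
    return {f: weak for f, weak in hits.items() if weak}

def build_sample() -> bytes:
    """Constructed KEXINIT payload for the demo, not captured from a server."""
    lists = ["diffie-hellman-group14-sha1", "ssh-rsa",
             "aes128-ctr,aes128-cbc", "aes128-ctr,aes128-cbc",
             "hmac-sha2-256,hmac-sha1,hmac-md5",
             "hmac-sha2-256,hmac-sha1,hmac-md5", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    for field, weak in audit(build_sample()).items():
        print(f"{field}: {', '.join(weak)}")
```

An empty result from `audit` after reconfiguration means none of the flagged MACs or ciphers are still offered in either direction.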

Use of strong ciphers / MAC algorithms

by sshcipher, Wednesday, August 05, 2020, 11:07 (1322 days ago) @ Jasmine

Thank you!