Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Sky Enterprise] What are the currently supported SSH ciphers that Sky Enterprise servers accept?

0

0

Article ID: KB36122 KB Last Updated: 07 Aug 2020Version: 1.0
Summary:

When devices connect to Sky Enterprise, they communicate via SSH NETCONF. For Payment Card Industry (PCI) compliance, sometimes it is desired to restrict the ciphers that are being negotiated from a device.

This article lists the currently supported SSH ciphers that the Sky Enterprise servers accept.

 

Symptoms:
  • Devices need to negotiate with Sky Enterprise via SSH, and some SSH ciphers will not communicate with Sky Enterprise, and the device will appear offline.  

  • When running telnet to Sky Enterprise via port 4087, it does show that it connects on port 4087.

 

Solution:

The following are the SSH ciphers that are currently supported on Sky Enterprise:

  • aes128-gcm@openssh.com
  • chacha20poly1305ID
  • aes128-ctr
  • aes192-ctr
  • aes256-ctr

If you explicitly filter SSH to not use any of the above ciphers, the Sky Enterprise SSH handshake will fail.  

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search