SSH/SCP Connectivity Issue
Because the Skyhigh systems are CentOS 7-based, they encounter SSH/SCP connectivity issues caused by the hardened security policies of RHEL 9-based systems. For example, SCP fails when pushing logs to a server.
To overcome such scenarios, perform one of the following actions:
IMPORTANT: Skyhigh Security recommends option 1 as the vulnerable algorithm will be used only during the SFTP session to the destination server.
- Utilize SFTP protocols instead of SCP for copying files.
Sample:
sftp://back.backup.ineris.fr/srv/dev-disk-by-uuid-67d5e851-4103-4bca-a2ad-96049c12ef2b/scp/skyhigh/isis
NOTE: Skyhigh Security recommends avoiding SCP protocols for copying files.
scp://back.backup.ineris.fr/srv/dev-disk-by-uuid-67d5e851-4103-4bca-a2ad-96049c12ef2b/scp/skyhigh/isis
- Configure the destination server to use an older auth algorithm:
- Edit the SSH daemon configuration file:
Open /etc/ssh/sshd_config in a text editor with superuser privileges.
- Modify the configuration to allow older algorithms:
Add or modify the following lines to specify the ciphers, key exchange algorithms, and message authentication codes (MACs) that are compatible with legacy systems:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms diffie-hellman-group14-sha1
MACs hmac-sha1
NOTE: The above settings enable specific algorithms that are supported by older systems. Adjust these settings based on the exact requirements and security policies of your environment.
- After saving the configuration file, run the sudo systemctl restart sshd command to restart the SSH daemon and apply the new settings.
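To check which values the daemon will actually use after the edit, the following added example (not Skyhigh's code) reports the effective Ciphers, KexAlgorithms and MACs entries in a configuration file and flags the SHA-1-based ones. It relies on the sshd_config rule that the first occurrence of a keyword wins; the function name and the sample configuration are constructed for illustration, and Include directives are assumed not to be in use.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the legacy algorithm settings above.
# sshd uses the FIRST occurrence of each keyword, so a line added below an
# existing Ciphers/KexAlgorithms/MACs line has no effect.
# Assumption: Include directives are not followed.

effective_algos() {   # usage: effective_algos FILE   (use - for stdin)
    awk '
        { sub(/=/, " ") }                      # accept "Keyword=value" form
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and blank lines
        {
            key = tolower($1)                  # keywords are case-insensitive
            if (key != "ciphers" && key != "kexalgorithms" && key != "macs") next
            if (key in seen) {
                printf "IGNORED %s line %d (first value at line %d wins)\n", key, NR, seen[key]
                next
            }
            seen[key] = NR
            val = $2
            removed = (val ~ /^-/)             # "-list" removes from the defaults
            sub(/^[-+^]/, "", val)             # strip list-modifier prefix
            n = split(val, algo, ",")
            for (i = 1; i <= n; i++) {
                if (removed)                 tag = "removed"
                else if (algo[i] ~ /sha1/)   tag = "LEGACY-SHA1"
                else                         tag = "ok"
                printf "%s %s %s\n", key, algo[i], tag
            }
        }
    ' "$1"
}

# Constructed sample: the legacy lines from this page appended to a file that
# already had a MACs line, so the new MACs setting is silently ignored.
effective_algos - <<'EOF'
# constructed sample sshd_config
MACs hmac-sha2-256
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms diffie-hellman-group14-sha1
MACs hmac-sha1
EOF
```

Running sudo sshd -t before the restart checks the edited file for syntax errors, so a typo does not leave the daemon unable to start.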