
Skyhigh Security

SSH/SCP Connectivity Issue

Skyhigh systems are CentOS 7-based, and they encounter SSH/SCP connectivity issues because of the hardened security policies of RHEL 9-based systems. For example, SCP fails when pushing logs to a server.

To overcome such scenarios, perform one of the following actions:

IMPORTANT: Skyhigh Security recommends option 1 as the vulnerable algorithm will be used only during the SFTP session to the destination server.

  1. Utilize SFTP protocols instead of SCP for copying files.

    Sample:

    sftp://back.backup.ineris.fr/srv/dev-disk-by-uuid-67d5e851-4103-4bca-a2ad-96049c12ef2b/scp/skyhigh/isis

NOTE: Skyhigh Security recommends avoiding SCP protocols for copying files.
scp://back.backup.ineris.fr/srv/dev-disk-by-uuid-67d5e851-4103-4bca-a2ad-96049c12ef2b/scp/skyhigh/isis 

  2. Configure the destination server to use an older auth algorithm:
    1. Edit the SSH daemon configuration file: open /etc/ssh/sshd_config in a text editor with superuser privileges.
    2. Modify the configuration to allow older algorithms:
    Add or modify the following lines to specify the ciphers, key exchange algorithms, and message authentication codes (MACs) that are compatible with legacy systems:

         Ciphers aes128-ctr,aes192-ctr,aes256-ctr
         KexAlgorithms diffie-hellman-group14-sha1
         MACs hmac-sha1

NOTE: The above settings enable specific algorithms that are supported by older systems. Adjust these settings based on the exact requirements and security policies of your environment.

    3. After saving the configuration file, run the sudo systemctl restart sshd command to restart the SSH daemon and apply the new settings.
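
One way to confirm that the settings from step 2 are actually in effect on the destination server, as an added example that is not part of the original article or Skyhigh's own tooling: it compares the effective configuration printed by `sshd -T` against the three lines above. The function names and the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that the algorithms from the article are effective.
# Input on stdin is `sshd -T` output: lower-case keyword, space, comma list.

# Values the article adds to /etc/ssh/sshd_config.
WANT="ciphers:aes128-ctr,aes192-ctr,aes256-ctr
kexalgorithms:diffie-hellman-group14-sha1
macs:hmac-sha1"

# missing_algos WANTED EFFECTIVE: print wanted entries absent from EFFECTIVE.
missing_algos() {
    for a in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$a,"*) ;;                  # exact entry present
            *) printf '%s ' "$a" ;;       # absent (substring hits do not count)
        esac
    done
}

# check_effective: return 0 only if every wanted algorithm is in the dump.
check_effective() {
    dump=$(cat)
    rc=0
    for pair in $WANT; do
        key=${pair%%:*}
        want=${pair#*:}
        have=$(printf '%s\n' "$dump" | awk -v k="$key" '$1 == k { print $2; exit }')
        miss=$(missing_algos "$want" "$have")
        if [ -n "$miss" ]; then
            echo "$key: not effective: $miss"
            rc=1
        else
            echo "$key: ok"
        fi
    done
    return "$rc"
}

# Constructed sample dump (not from a real host): the SHA-1 KEX is absent.
sample_dump() {
    cat <<'EOF'
port 22
ciphers aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256
macs hmac-sha2-256,hmac-sha1
EOF
}

# On the destination server, as root:  sshd -t && sshd -T | check_effective
```

Running `sshd -t` before the restart validates the edited file, so a typo in an algorithm name is caught before the daemon is restarted.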
