Disabling Unapproved Crypto Algorithms

SSH operates in one of three security modes: default-mode, FIPS-mode, and Secure-Mode (see Security Mode Overview). In each mode, you can use the CLI to configure the required ciphers and MACs from a list. Each mode supports a different list of ciphers. By default, all ciphers and MACs available in a mode are configured unless otherwise indicated (see Supported Ciphers and MACs).

Table 1. Supported Ciphers and MACs

Mode: Default
  Ciphers, enabled by default: aes128-ctr, aes192-ctr, aes256-ctr, chacha20-poly1305@openssh.com
  Ciphers, disabled by default: 3des-cbc, blowfish-cbc, aes128-cbc, aes192-cbc, aes256-cbc, cast128-cbc, rijndael-cbc@lysator.liu.se, arcfour, arcfour128, arcfour256
  MACs, enabled by default: hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-sha2-256, hmac-sha2-512
  MACs, disabled by default: hmac-md5, hmac-md5-96, hmac-md5-etm@openssh.com, hmac-md5-96-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, hmac-sha1-96, hmac-sha1-96-etm@openssh.com

Mode: FIPS
  Ciphers: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, rijndael-cbc@lysator.liu.se
  MACs: hmac-sha1, hmac-sha2-256, hmac-sha2-512

Mode: Secure
  Ciphers: aes128-ctr, aes192-ctr, aes256-ctr
  MACs: hmac-sha1, hmac-sha2-256, hmac-sha2-512

By default, weaker ciphers/MACs are disabled, while the remaining ciphers/MACs are enabled (see Default mode in Supported Ciphers and MACs). This is the default mode of operation. A switch can move from this default mode to FIPS mode. Changing from default mode to FIPS mode requires a switch reboot. Until the reboot, all SSH connections use the default-mode configuration. Because the user has already changed the configuration (here, to FIPS mode), the updated configuration is displayed. After the reboot, only FIPS-mode ciphers/MACs are available in SSH for configuration.

Disabling FIPS mode also requires a system reboot. Until the reboot, the SSH server supports only FIPS-mode ciphers/MACs. Because the user has configured FIPS mode to be disabled, the displayed configuration reflects that change.

It is recommended to update the FIPS mode once all the operations are completed. Security-related configurations are not supposed to be changed after updating the FIPS mode, because the behavior in those scenarios is undefined.

SSH supports Secure-Mode, which allows only highly secure ciphers/MACs. Secure-Mode is a feature of SSH alone. It does not affect other modules that use cryptography the way FIPS-mode does. Configuring Secure-Mode does not require a switch reboot; the changes are immediate. Secure-Mode and FIPS-mode are not mutually exclusive. Secure-Mode supports fewer ciphers/MACs than FIPS mode, so when both Secure-Mode and FIPS-mode are enabled, only the Secure-Mode ciphers/MACs are available for configuration. Internally, Secure-Mode uses the FIPS library for cryptography instead of the OpenSSL library.

Once Secure-Mode is disabled, the SSH server moves to either default-mode or FIPS-mode, based on the FIPS-mode configuration. However, any ciphers/MACs that were configured before enabling or disabling Secure-Mode are lost: on each mode update, the SSH server configuration of ciphers/MACs is reset. If you configured the SSH server to use particular ciphers/MACs, you have to configure them again each time. From the list of available ciphers/MACs, you can configure the required ciphers/MACs and disable those that are not required.

Disabling all the ciphers/MACs does not allow any incoming connection from clients, because the incoming connections are not able to negotiate a common cipher/MAC.
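
The following is an added example, not code from the switch software or its vendor: a pre-change check that models the mode rules and Table 1 above to show which configured ciphers/MACs can be re-applied after a mode change and whether a given client could still negotiate. The function names, the sample configuration and the client offers are constructed for illustration.

```python
# Added example. Algorithm names are transcribed from Table 1 on this page;
# function names and the sample configuration/client offers are constructed.
CIPHERS = {
    "default": set("""aes128-ctr aes192-ctr aes256-ctr chacha20-poly1305@openssh.com
        3des-cbc blowfish-cbc aes128-cbc aes192-cbc aes256-cbc cast128-cbc
        rijndael-cbc@lysator.liu.se arcfour arcfour128 arcfour256""".split()),
    "fips": set("""3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr
        aes256-ctr rijndael-cbc@lysator.liu.se""".split()),
    "secure": set("aes128-ctr aes192-ctr aes256-ctr".split()),
}
MACS = {
    "default": set("""hmac-sha1-etm@openssh.com hmac-sha2-256-etm@openssh.com
        hmac-sha2-512-etm@openssh.com hmac-sha1 hmac-sha2-256 hmac-sha2-512
        hmac-md5 hmac-md5-96 hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com
        hmac-ripemd160 hmac-ripemd160@openssh.com hmac-ripemd160-etm@openssh.com
        hmac-sha1-96 hmac-sha1-96-etm@openssh.com""".split()),
    "fips": set("hmac-sha1 hmac-sha2-256 hmac-sha2-512".split()),
    "secure": set("hmac-sha1 hmac-sha2-256 hmac-sha2-512".split()),
}

def effective_mode(fips_active, secure_enabled):
    """Secure-Mode wins when both are on; FIPS counts only once active after reboot."""
    return "secure" if secure_enabled else "fips" if fips_active else "default"

def plan_mode_change(target, ciphers, macs):
    """Split a configured list into entries re-appliable in the target mode and the rest."""
    keep_c = [c for c in ciphers if c in CIPHERS[target]]
    keep_m = [m for m in macs if m in MACS[target]]
    dropped = [a for a in ciphers + macs if a not in keep_c + keep_m]
    return keep_c, keep_m, dropped

def negotiate(client_offer, server_enabled):
    """SSH picks the first name in the client's list that the server also enables."""
    return next((a for a in client_offer if a in server_enabled), None)

if __name__ == "__main__":
    cfg_c = ["aes256-ctr", "chacha20-poly1305@openssh.com", "aes128-cbc"]  # constructed
    cfg_m = ["hmac-sha2-512-etm@openssh.com", "hmac-sha2-256"]             # constructed
    keep_c, keep_m, dropped = plan_mode_change("secure", cfg_c, cfg_m)
    print("re-apply:", keep_c, keep_m, "| not available:", dropped)
    for offer in (["chacha20-poly1305@openssh.com", "aes256-ctr"], ["aes128-cbc", "3des-cbc"]):
        print(offer, "->", negotiate(offer, keep_c))
    print("all ciphers disabled ->", negotiate(["aes256-ctr"], []))
```

A result of `None` from `negotiate` corresponds to the failed connection described above: the client and the server share no cipher or MAC.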