Weak ssh hmac forced by zimbra

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
banym
Posts: 1
Joined: Tue May 29, 2018 2:17 pm

Weak ssh hmac forced by zimbra

Post by banym »

After deactivating weak HMAC the zimbra deamon could not connect over ssh to the local machine.
Due to this fact, the admin interace throw SOAP errors.
I found that the included client only supports hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5. This looks quite legacy to me. Are there plans to update the used ssh client to support more up to date hmacs and ciphers :?:

Regards,

Dominik
Top
User avatar
msquadrat
Advanced member
Advanced member
Posts: 183
Joined: Mon Oct 14, 2013 10:09 am

Re: Weak ssh hmac forced by zimbra

Post by msquadrat »

Since AFAIK Zimbra stilluses the outdated Ganymed SSH library I don't think this is possible without a few changes and switching to a library like JSSH. If you're running a NE install, you should open a support case in the support portal with this question.

That said, (I learned this from Zimbra staff) is HMAC-SHA1 (contrary to plain SHA1) still secure though, even HMAC-MD5 was even still considered secure last time I checked.
Top
Post Reply

Return to “Administrators”