Symantec Privileged Access Management

  • 1.  Supported SSH MAC Algorithms

    Posted Feb 07, 2017 09:07 AM

    We're currently using CA PAM 2.6, and while applying security benchmarks to our RHEL 6 hosts I've found that PAM supports a rather limited list of MAC algorithms.

     

    The security benchmark we use for RHEL 6 requires the MAC algorithms to be limited to the following.

    hmac-sha2-512,hmac-sha2-256 

     

    There are a few other algorithms allowed, but they aren't supported by OpenSSH 5.3p1 which is shipped in RHEL 6.

     

    PAM 2.6 supports the following MACs according to the error message I received.

    'mac-algorithms-cli2srv', our's: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96,hmac-ripemd160, peer's: hmac-sha2-256,hmac-sha2-512

     

    Does PAM 2.7 or 2.8 support any SHA2 MAC algorithms for SSH?



  • 2.  Re: Supported SSH MAC Algorithms

    Posted Feb 07, 2017 10:44 AM

    Are you using the applet or SSH proxy?  SSH proxy should support those suites in 2.8, and the applet should support them in upcoming 2.8.2 (timing TBD)...



  • 3.  Re: Supported SSH MAC Algorithms

    Posted Jun 14, 2017 08:21 AM

    Hi Ryan, did this issue get resolved in 2.8.2?



  • 4.  Re: Supported SSH MAC Algorithms

    Broadcom Employee
    Posted Jun 14, 2017 10:03 AM

    Hello Shubham,

     

    According to the release notes this was resolved in 2.8.2. 

     

    See the documentation page here in the section "SHA-2 Support for the MindTerm SSH Applet" :

    New Features and Enhancements in 2.8.2 - CA Privileged Access Manager - 2.8.2 - CA Technologies Documentation 

     

    -Christian



  • 5.  RE: Re: Supported SSH MAC Algorithms

    Posted Jan 29, 2020 09:15 AM
    Hi Christian

    Currently, in PAM version 3.3.1, this error occurs when I try to access a group of Red Hat 7.2 servers. Why does this error occur?


  • 6.  RE: Re: Supported SSH MAC Algorithms

    Posted Feb 26, 2020 02:42 AM
    Hello Christian, 

    As Julian mentioned earlier, we are also having this issue when we try to launch the applet session to IBM AIX or Linux. Any suggestions?


  • 7.  Re: Supported SSH MAC Algorithms

    Posted Feb 07, 2017 10:52 AM

    Thank you. I'm guessing we're using the applet since it starts a Java-based MindTerm window when I connect to a device via SSH.
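
Added example, not part of the original thread and not CA/Broadcom code: a small Python parser for the mismatch line quoted in the first post. It applies the RFC 4253 selection rule to show why the handshake fails and which benchmark MACs the client lacks. The function names are hypothetical, and it assumes the side that logged the line ("our's") is the SSH client.

```python
import re

# Negotiation-failure line exactly as quoted in the first post of the thread.
SAMPLE = ("'mac-algorithms-cli2srv', our's: hmac-md5,hmac-sha1,hmac-sha1-96,"
          "hmac-md5-96,hmac-ripemd160, peer's: hmac-sha2-256,hmac-sha2-512")

# MAC list the poster's RHEL 6 benchmark requires (from the first post).
BENCHMARK_MACS = ["hmac-sha2-512", "hmac-sha2-256"]

_LINE = re.compile(
    r"'(?P<field>[\w-]+)',\s*our's:\s*(?P<ours>.*?),?\s*peer's:\s*(?P<peers>.*)$")


def _split(names):
    """Turn a comma-separated name-list into a clean Python list."""
    return [n.strip() for n in names.split(",") if n.strip()]


def parse_mismatch(line):
    """Split an "our's / peer's" mismatch line into (field, ours, peers)."""
    m = _LINE.search(line.strip())
    if m is None:
        raise ValueError("not a recognised algorithm-mismatch line")
    return m.group("field"), _split(m.group("ours")), _split(m.group("peers"))


def negotiate(client, server):
    """RFC 4253 section 7.1: first name on the client's list the server also offers."""
    return next((alg for alg in client if alg in server), None)


def missing_for_policy(client, policy=BENCHMARK_MACS):
    """Policy algorithms the client would have to support for negotiation to succeed."""
    return [alg for alg in policy if alg not in client]


if __name__ == "__main__":
    field, ours, peers = parse_mismatch(SAMPLE)
    # Assumption: the side that logged the line ("our's") is the SSH client.
    print(field, "->", negotiate(ours, peers) or "no common algorithm")
    print("client lacks:", ", ".join(missing_for_policy(ours)))
```
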