Unsolved

1 Rookie


40 Posts


September 12th, 2023 19:22

iDRAC failing security audit - ssh supports weak HMAC

Hi there, I have a handful of iDRACs (iDRAC 9, firmware version 6.10.30.20) that are failing security audit with the following message: "The SSH server supports cryptographically weak hash-based message authentication codes (HMACs) including MD5 or 96-bit hash-based algorithms". The strange thing is that they are configured exactly the same as neighbor iDRACs that do not fail audit. I have set TLS to only 1.3 and Encryption to 256-bit or higher under iDRAC Settings > Services > Web Server. Is there another setting I'm missing? If this is a false positive, how can I prove it? I guess I could disable SSH to resolve, but that seems drastic. Thanks!

September 15th, 2023 13:39

Couldn't find a solution, so in case anyone reads this in the future, my solution was to disable SSH in iDRAC. If you use the SSH functionality of iDRAC this will not work for you, but for us, we only access iDRAC using HTTPS. To disable SSH, from the GUI: iDRAC Settings > Services > SSH > Disable > Apply
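
On the question above of how to confirm or refute the finding: the audit message concerns the MAC name-lists an SSH server advertises in its SSH_MSG_KEXINIT message, so reading that message from a failing and a passing iDRAC shows whether they really differ. The following is an added example, not part of the original posts and not Dell code; the client identification string `SSH-2.0-macaudit`, the weak-MAC pattern and the sample packet are assumptions constructed for illustration.

```python
import re
import socket
import struct

# Name-lists in SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumed reading of the audit text: MD5-based or 96-bit truncated MACs.
WEAK_MAC = re.compile(r"md5|-96")

def parse_kexinit(packet: bytes) -> dict:
    """Parse one unencrypted SSH binary packet holding SSH_MSG_KEXINIT (type 20)."""
    length, pad = struct.unpack(">IB", packet[:5])
    payload = packet[5:4 + length - pad]      # drop length, pad byte and padding
    if not payload or payload[0] != 20:
        raise ValueError("not a KEXINIT packet")
    pos, out = 17, {}                         # skip message type (1) + cookie (16)
    for name in FIELDS:
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += 4 + n
    return out

def weak_macs(algos: dict) -> list:
    # A MAC offered in either direction is enough for a scanner to flag the host.
    offered = set(algos["mac_c2s"]) | set(algos["mac_s2c"])
    return sorted(m for m in offered if WEAK_MAC.search(m))

def fetch_kexinit(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the server's KEXINIT from a live host; no authentication is attempted."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        line = f.readline()
        while line and not line.startswith(b"SSH-"):   # skip pre-banner lines
            line = f.readline()
        s.sendall(b"SSH-2.0-macaudit\r\n")             # constructed client ident
        head = f.read(4)
        return head + f.read(struct.unpack(">I", head)[0])

def build_sample(macs: str) -> bytes:
    """Constructed KEXINIT for offline use; not captured from an iDRAC."""
    lists = ["curve25519-sha256", "ssh-ed25519", "aes256-ctr", "aes256-ctr",
             macs, macs, "none", "none", "", ""]
    body = bytes([20]) + bytes(16)                     # message type + zero cookie
    for item in lists:
        body += struct.pack(">I", len(item)) + item.encode()
    body += b"\x00" + bytes(4) + bytes(4)              # flag, reserved, 4 pad bytes
    return struct.pack(">IB", len(body) + 1, 4) + body
```

Running `weak_macs(parse_kexinit(fetch_kexinit(host)))` against each management address gives a per-host list to attach to the audit response: an empty list on a flagged host supports a false positive, a non-empty one names the algorithms the scanner saw.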
