How do I restore support for disabled NE SSH algorithms?

CAUTION

Service Disruption

Modifying the server configuration can have serious consequences that include service disruption.

Contact technical support before you attempt to modify the server configuration.

CAUTION

Security Risk

Restoring support for older SSH algorithms lowers the level of security in your network.

You must perform the procedure only as an interim measure until the devices in your network support the newer SSH algorithms, or as directed by technical support.

Note: You must perform the procedure on each main server in the NFM-P system.

Note: In a redundant system, you must perform the procedure on the standby main server station first.

Steps
 

1

Log in to the main server station as the nsp user.


2

Open a console window.


3

Navigate to the /opt/nsp/nfmp/server/nms/config directory.


4

Create a backup copy of the nms-server.xml file, and store the file in a secure location on a station outside the management network.


5

Open the nms-server.xml file using a plain-text editor such as vi.


6

Locate the section that begins and ends with the following XML comment tags:

  <!--<sshSecurity

        -->


7

Locate the section that immediately follows; the section begins and ends with the following XML tags:

  <sshSecurity

            />


8

Replace the two sections with the following:

Note: The content below may include line breaks inserted during the publishing of this guide. You must join the broken lines by removing any line breaks between quotation marks.

 <!-- <sshSecurity
bypassIgnoreSshKeyMismatch="false"
cipherAlgorithms="chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,arcfour256,arcfour128,3des-cbc,blowfish-cbc"
kexAlgorithms="curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
macAlgorithms="hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96"
signatureAlgorithms="ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
/>
-->
<sshSecurity
bypassIgnoreSshKeyMismatch="false"
cipherAlgorithms="chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,arcfour256,arcfour128,3des-cbc,blowfish-cbc"
kexAlgorithms="curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
macAlgorithms="hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96"
signatureAlgorithms="ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
/>

9

Save and close the nms-server.xml file.


10 

Enter the following to restart the main server:

Note: When you restart the primary main server in a redundant system, a server activity switch begins, and the standby main server restarts as the primary main server. If you want to restore the initial primary and standby roles, you must perform this step on the standby main server once again after the server initializes as the primary.

bash$ /opt/nsp/nfmp/server/nms/bin/nmsserver.bash force_restart ↵


11 

Close the open console windows.

End of steps
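
A check that can be run against a copy of the edited nms-server.xml before the main server is restarted, added here as an example and not part of the vendor guide. It confirms that the file still parses, that exactly one active sshSecurity element exists, that no line break was left inside a quoted algorithm list, and it reports which legacy algorithms are enabled so the interim exposure can be tracked. The legacy list, the root element name and the sample data are assumptions.

```python
import xml.etree.ElementTree as ET

# Assumption: names treated as legacy follow general SSH deprecation guidance
# (RC4, CBC ciphers, SHA-1/group1 kex, MD5/SHA-1 MACs, DSA, SHA-1 RSA), not the guide.
LEGACY = {
    "cipherAlgorithms": {"aes128-cbc", "aes192-cbc", "aes256-cbc",
                         "arcfour256", "arcfour128", "3des-cbc", "blowfish-cbc"},
    "kexAlgorithms": {"diffie-hellman-group-exchange-sha1",
                      "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"},
    "macAlgorithms": {"hmac-sha1-etm@openssh.com", "hmac-sha1", "hmac-md5",
                      "hmac-sha1-96", "hmac-md5-96"},
    "signatureAlgorithms": {"ssh-rsa", "ssh-dss"},
}

def audit_ssh_security(xml_text):
    """Return (legacy, problems) for the active sshSecurity element."""
    root = ET.fromstring(xml_text)  # ParseError here means the edit broke the XML
    # The parser drops comments, so the commented-out copy is never matched.
    active = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "sshSecurity"]
    if len(active) != 1:
        return {}, [f"expected 1 active sshSecurity element, found {len(active)}"]
    legacy, problems = {}, []
    for attr, weak in LEGACY.items():
        value = active[0].get(attr)
        if value is None:
            problems.append(f"{attr}: attribute missing")
            continue
        for name in value.split(","):
            # A line break left inside the quotes is normalized to a space.
            if not name or any(c.isspace() for c in name):
                problems.append(f"{attr}: broken entry {name!r}")
            elif name in weak:
                legacy.setdefault(attr, []).append(name)
    return legacy, problems

# Constructed sample: shortened lists, hypothetical root element, and one line
# break deliberately left inside the macAlgorithms value.
SAMPLE = """<configuration>
  <!-- <sshSecurity cipherAlgorithms="aes128-ctr,3des-cbc" /> -->
  <sshSecurity
    cipherAlgorithms="aes256-ctr,aes128-cbc,arcfour128"
    kexAlgorithms="curve25519-sha256,diffie-hellman-group1-sha1"
    macAlgorithms="hmac-sha2-256,hmac-
sha1,hmac-md5"
    signatureAlgorithms="ssh-ed25519,rsa-sha2-512,ssh-rsa,ssh-dss" />
</configuration>"""

if __name__ == "__main__":
    print(audit_ssh_security(SAMPLE))
```

Keeping the reported legacy list with the change record gives a concrete inventory of what to remove again once the devices support the newer algorithms.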