The information security department reported the “SSH Server CBC Mode Ciphers Enabled” and “SSH Server CBC Mode Ciphers Enabled” issues on the Hardware Management Console (HMC). How can I fix this?
First, check the current configuration with the commands below.
hscroot@HMC-ODM:~> lshmcencr -c ssh -t c
"curr_encryptions=aes128-cbc,aes128-ctr,aes128-gcm@openssh.com,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,aes256-gcm@openssh.com,arcfour,arcfour128,arcfour256"
hscroot@HMC-ODM:~> lshmcencr -c sshmac -t c
"curr_encryptions=hmac-ripemd160,hmac-ripemd160-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com,umac-64-etm@openssh.com,umac-64@openssh.com"
I want to use “arcfour,arcfour128,arcfour256 cipher” and “hmac-sha1,umac-64@openssh.com,hmac-ripemd160” macs. So I deleted the other current configurations.
Delete ciphers:
chhmcencr -c ssh -o r -e aes128-cbc
chhmcencr -c ssh -o r -e aes128-gcm@openssh.com
chhmcencr -c ssh -o r -e aes192-cbc
chhmcencr -c ssh -o r -e aes256-cbc
chhmcencr -c ssh -o r -e aes256-gcm@openssh.com
chhmcencr -c ssh -o r -e arcfour
chhmcencr -c ssh -o r -e arcfour128
chhmcencr -c ssh -o r -e arcfour256
After that:
hscroot@HMC-ODM:~> lshmcencr -c ssh -t c
"curr_encryptions=aes128-ctr,aes192-ctr,aes256-ctr"
Delete MACs:
chhmcencr -c sshmac -o r -e hmac-ripemd160-etm@openssh.com
chhmcencr -c sshmac -o r -e hmac-sha1-etm@openssh.com
chhmcencr -c sshmac -o r -e hmac-sha2-256
chhmcencr -c sshmac -o r -e hmac-sha2-256-etm@openssh.com
chhmcencr -c sshmac -o r -e hmac-sha2-512
chhmcencr -c sshmac -o r -e hmac-sha2-512-etm@openssh.com
chhmcencr -c sshmac -o r -e umac-128-etm@openssh.com
chhmcencr -c sshmac -o r -e umac-128@openssh.com
chhmcencr -c sshmac -o r -e umac-64-etm@openssh.com
Finally:
hscroot@HMC-ODM:~> lshmcencr -c sshmac -t c
"curr_encryptions=hmac-ripemd160,hmac-sha1,umac-64@openssh.com"
After that, you cannot connect to your HMC over SSH, because this command stops SSH connectivity. You should log in to your HMC and start Remote Command Execution in the HMC settings.
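The removals above can be generated from the lshmcencr output instead of typed one by one. This is an added example, not part of the original post: gen_removals is a hypothetical helper meant to run on an admin workstation, the sample input is the cipher listing shown above, and the keep list is the set that remained enabled afterwards. It refuses to emit anything if the keep list would leave no algorithm enabled.

```shell
#!/bin/sh
# Added example: build chhmcencr removal commands from lshmcencr output.
# gen_removals is a hypothetical helper, not an HMC command.
# Usage: gen_removals <ssh|sshmac> '<lshmcencr output line>' '<comma-separated keep list>'
gen_removals() (
    set -f                          # no globbing while splitting on commas
    type=$1
    # Strip the surrounding quotes and the curr_encryptions= prefix.
    current=$(printf '%s' "$2" | tr -d '"' | sed 's/^curr_encryptions=//')
    keep=",$3,"
    kept=0
    cmds=
    IFS=,
    for alg in $current; do
        case $keep in
            *",$alg,"*) kept=$((kept + 1)) ;;   # on the keep list: stays enabled
            *) cmds="${cmds}chhmcencr -c $type -o r -e $alg
" ;;
        esac
    done
    # Removing every algorithm would leave SSH unusable, so stop here.
    if [ "$kept" -eq 0 ]; then
        echo "refusing: no enabled $type algorithm would remain" >&2
        exit 1
    fi
    printf '%s' "$cmds"
)

# Sample input: the cipher listing shown in the post.
SSH_CURRENT='"curr_encryptions=aes128-cbc,aes128-ctr,aes128-gcm@openssh.com,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,aes256-gcm@openssh.com,arcfour,arcfour128,arcfour256"'
# Keep list: the ciphers that remained enabled in the post.
SSH_KEEP='aes128-ctr,aes192-ctr,aes256-ctr'

gen_removals ssh "$SSH_CURRENT" "$SSH_KEEP"
```

Review the printed commands before running them on the HMC, then confirm the result with lshmcencr as shown above.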