In the latest version of SAM 6.2.2, the SAM ssh client's authorization algorithms support just includes the below:
Supported Ciphers:
AES-128-CTR
AES-192-CTR
AES-256-CTR
AES-128-CBC
AES-192-CBC
AES-256-CBC
3-DES-CBC
Supported MACs:
HMAC-SHA1
HMAC-SHA-96
HMAC-SHA-256
HMAC-SHA-512
Key Exchange:
Diffe-Hellman-Group1-SHA1
Diffe-Hellman-Group14-SHA1
Serge Key Algorithm
SSH-RSA
SSH-DSS
In the latest and updated security approach SHA2 is the replacement of SHA1 (same approach has been applied to snmp protocol as snmp v2c found to be majority replaced the use of snmp v1 nowaday. For the document on OpenSSH 7.0, Diffe-Hellman-Group1-SHA1 already configured to be disabled on initial setup.). The further support of SHA2 under KEX (key exchange) and MACs (Message Authorization Control) is really todays' business needs to further remove the major barrier on Linux-based machine application monitoring using scripting approach. In my end user environment, it will be great if SolarWinds could provides ecdh-sha2-nistp521 and/or diffie-hellman-group-exchange-sha256 in KEX technology, hmac-sha2-512 and hmac-sha2-256 in MACs in either coming hot-fixes or minor release of SAM (say 6.2.4 as 6.2.3 already under release stage) Thanks.
With Best Regards,
HC Wong
e-mail: hon-cheong.wong@pccw.com
