Open for Voting

Enable secure SSH algorithms for Key Exchange, MAC, and Cipher - items supported by wodSSH but not by Solarwinds

We need secure options for NCM to SSH into our nodes. The ciphers that are currently available via NCM have many non-secure options and for the MAC algorithms there are currently zero options that are considered secure by the cybersecurity world.  We Only Do SSH does support the more secure options but Solarwinds is not using the current version of the tool. 

ronhilldiscover

  • I contacted SolarWinds about this and opened a support case(below). After the "Feature Request" was "created" the support case was closed without any communication to me about my issue or stats moving forward.  I have also been unable to FIND this supposed "Feature Request" that was created for me. Thank you for contacting SolarWinds Support.

    I have submitted this feature request to our development team as requested:
    CUST-95445
    to include a cipher of
    ecdsa-sha2-nistp521

    We value your opinion as a customer and without you we wouldn’t have such strong features in our products. The development teams look very closely at each one to determine viability and will decide on the timeline of the release (if they decide to implement the feature). We cannot deliver timeframes or release dates for all feature requests.

    You may also post your request to the Thwack forum for the SolarWinds product you wish to see improved.

    Support for SSH - host key algorithm ecdsa-sha2-nistp521 - Feature Requests - Network Configuration Manager (NCM) - THWACK (solarwinds.com)

    Thwack Feature Request forums are here: thwack.solarwinds.com/.../feature-request_tht.
    Create a post titled “FEATURE REQUEST - Name of the Feature Request” and detail your request including the case number. These forums are monitored by our Product Managers. This will allow other customers to voice their opinions as to whether they would find the feature useful.

    You may find "What we are working on" interesting:
    thwack.solarwinds.com/.../43025

    "How To Create Ideas and Feature Requests"
    thwack.solarwinds.com/.../DOC-167238

    "Ideation Process & FAQ"
    thwack.solarwinds.com/.../DOC-167239


    Check out our new Success Center at support.solarwinds.com/Success_Center - find solutions, training, help, and more!

    Regards,

    Kim Do

    Senior SolarWinds Technical Support
    My Working Hours: 9:00 am - 6:00 pm MDT Monday to Friday


    --------------- Original Message ---------------
    From: MENNINGEN, JASON A CTR USAF AFMC AFLCMC/HBMSS [jason.menningen.1.ctr@us.af.mil]
    Sent: 12/1/2022 9:52 AM
    To: technicalsupport@solarwinds.com
    Subject: RE: [URL Verdict: Neutral][Non-DoD Source] Case # - 01229955 Our Network Infrastructure devices are being mandated to use ecdsa-sha2-nistp521 HostKeyAlgorithms for ssh. This has disabled our ability to use NCM to manage our devices. [ ref:_00D506e2N._5002


    Hello Kim,

    Yes Please submit a feature request on our behalf. And if possible, could you respond with a description of that process? To my understanding more of our Infrastructure devices will soon be required to use this ssh Key Algorithm in the future. Plus while looking for an answer prior to the ticket in both google and THWACK, there are a lot of customers out there experiencing the same limitation we are.

    Jason Menningen
    Network Engineer
    USAF AFMC AFLCMC/HBMSS Network Support
    General Dynamics Information Technology
    475 Regency Park, Suite 300, O'Fallon, IL 62229
    Phone#: (618) 256-3624
    DSN#: (001) 576-3624
    EC-VoIP#: (302) 576-1192
    Cell#: (618) 580-2361
    NIPR Email: jason.menningen.1.ctr@us.af.mil
    SIPR Email: jason.a.menningen.ctr@mail.smil.mil



    From: noreply@salesforce.com <noreply@salesforce.com> On Behalf Of Support Team - Technical Support Address
    Sent: Wednesday, November 30, 2022 6:55 PM
    To: MENNINGEN, JASON A CTR USAF AFMC AFLCMC/HBMSS <jason.menningen.1.ctr@us.af.mil>
    Subject: [URL Verdict: Neutral][Non-DoD Source] Case # - 01229955 Our Network Infrastructure devices are being mandated to use ecdsa-sha2-nistp521 HostKeyAlgorithms for ssh. This has disabled our ability to use NCM to manage our devices. [ ref:_00D506e2N._5002J...

    Hello, Jason

    This is Kim with SolarWinds.

    I can definitely see why we wanted to use ecdsa-sha2-nistp521 cipher as it is more secure compared to what NCM defaulted to.

    This is the currently supported Cipher for SolarWinds: Supported algorithms and cipher for NPM and NCM for Orion SSH (solarwinds.com)

    If we can not use any other than ecdsa-sha2-nistp521, then I will be more than happy to submit a feature request for you.

    Regards,

    Kim Do

    Senior SolarWinds Technical Support
    My Working Hours: 9:00 am - 6:00 pm MDT Monday to Friday


    --------------- Original Message ---------------
    From: Jason Menningen [jason.menningen.1.ctr@us.af.mil]
    Sent: 11/30/2022 9:34 AM
    To:
    Subject: CREATE

    I need a way to add the ssh ecdsa-sha2-nistp521 HostKeyAlgorithms to manage our devices. We are running SolarWinds Platform, NTA, NCM, NPM: 2022.3.0

    ref:_00D506e2N._5002J1cCF6m:ref

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 190,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Accounts
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.