TABLE OF CONTENTS
- Product Details
- Issue/ Problem
- Impact
- Solution
- Best Practice
- Summary
Product : Zscaler Private Access (ZPA) App Connector
Component : Zscaler Client App
Version : 2.8.17
Build No. : 152.2
Issue/ Problem :
The customer requests that SHA1 be disabled and SHA2 enabled on the App Connector VM after a vulnerability scan.
Impact :
No impact; security is increased by using SHA2.
Solution :
Step 1:
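Open the file below and uncomment the following line:
vi /etc/sysconfig/sshd
Uncomment:
CRYPTO_POLICY=
Leaving CRYPTO_POLICY= uncommented and empty opts sshd out of the system-wide crypto policy, so the algorithm lists added to sshd_config in Step 2 take effect.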
Step 2:
Open the file below and append the following lines at the end of the file:
vi /etc/ssh/sshd_config
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Step 3:
systemctl restart sshd
sudo ssh -Q key
sudo sshd -t
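The check below is an added example, not part of the original article or of any Zscaler tooling. It reads an sshd_config and reports which KexAlgorithms, Ciphers and MACs line sshd will use, because sshd keeps the first occurrence of a keyword and a line appended in Step 2 is ignored if the file already sets that keyword earlier. The function names and the sample config are constructed for illustration, and it assumes whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# Added example (not from the article): report which KexAlgorithms/Ciphers/MACs
# line sshd will use and whether a SHA1 algorithm is still in effect. sshd keeps
# the FIRST occurrence of a keyword, so an appended line can be silently ignored.

audit_sshd_algos() {        # reads an sshd_config on stdin; returns 1 on findings
    awk '
    BEGIN { n = split("kexalgorithms ciphers macs", want, " ") }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        key = tolower($1)                      # keywords are case-insensitive
        if (key == "match") { in_match = 1; next }
        for (i = 1; i <= n; i++) if (key == want[i]) {
            if (in_match) {                    # not permitted after a Match line
                printf "ERROR line %d: %s inside a Match block\n", NR, $1; bad = 1
            } else if (key in val) {
                printf "IGNORED line %d: %s shadowed by line %d\n", NR, $1, line[key]; bad = 1
            } else { val[key] = $2; line[key] = NR }
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = want[i]
            if (!(k in val)) { printf "UNSET %s: defaults apply\n", k; bad = 1; continue }
            m = split(val[k], alg, ",")
            for (j = 1; j <= m; j++) if (alg[j] ~ /sha1/) {
                printf "WEAK %s (line %d): %s\n", k, line[k], alg[j]; bad = 1
            }
        }
        if (!bad) print "OK: no SHA1 algorithms in effect"
        exit bad + 0
    }'
}

sample_config() {           # constructed sample: a stock MACs line, then the article lines
    cat <<'EOF'
# constructed sample, not a real App Connector sshd_config
Port 22
MACs hmac-sha1,hmac-sha2-256
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
EOF
}

sample_config | audit_sshd_algos || true   # on a host: audit_sshd_algos < /etc/ssh/sshd_config
```

On the constructed sample the appended MACs line is reported as ignored and hmac-sha1 as still in effect; removing or commenting out the earlier MACs line clears both findings.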
Summary :
This method is applied only if the customer requests remediation of the SHA1 ciphers after a vulnerability scan.