NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS RR4360S Diable weak ciphers and weak algorithms
Looking for best practice for disabling weak ssh ciphers and weak MAC algortihms. This system seems to be built off-standard from Debain OS feel.
If the underlying OS can be updated, that info would be great as well.
6 Replies
Replies have been turned off for this discussion
Do not attempt to update the underlying Debian unless you are replacing ReadyNASOS in it's entirety. You'll break some of the Netgear stuff that relies on specific versions (and is the reason full Debian updates are so slow to come out in ReadyNASOS, I'm sure). Even updating just specific packages can cause issues.
Sounds good.
How do I remove the weak/bad ciphers from the system... add a Ciphers line to /etc/sshd_conf?I think you must mean /etc/ssh/sshd_config.
I don't have that level of knowlege of Debian and SSH. But I can make this advice: don't just start trying it on your live RR4360. Try it on a "sandbox" system, a desktop NAS for just such experiments or even a VM -- something you can factory default without consequence if you mess up. You definately don't want to lock yourself out of that NAS by an editing mistake or trying something not supported.
See Setup-ReadyNAS-OS-on-VirtualBox for seting up a VM. Once set up with that outdated OS version, you can do normal OS updates to reach the same version as your production NAS. Once you have it running, you can make clones for experiments and just kill them if they implode. Or a legacy desktop system (maybe with a VGA port) converted to OS6 would also work well.
Reporting back anything you find out -- successful or unsuccessful -- would be appreciated by the community.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
