Plantronics + Polycom. Now together as Poly Logo

Deprecated SSH Settings present on VVX devices

SOLVED
Highlighted
Occasional Contributor

Deprecated SSH Settings present on VVX devices

Good afternoon

 

Our internal security Qualys scanning has flagged that several of our VVX devices still using the key exchange -  diffie-hellman-group1-sha1#  on 311's & 401's

 

The devices have the default ciphers of ALL:!aNULL:!eNULL:!DSS:!SEED:!ECDSA:!IDEA:!MEDIUM:!LOW:!EXP:!DH:!AECDH:!PSK:!SRP:!MD5:!RC4:@STRENGTH

 

What would be the correct configuration to disable this? I've tried various configurations without any success.

Any advice would be appreciated

Message 1 of 4
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Polycom Employee & Community Manager

Re: Deprecated SSH Settings present on VVX devices

Hello @MrMaiTai 

 

I am going to move this into the Skype for Business section and the next step has already been outlined.

 

  • Use the document provided to change the cipher
    or
  • Open a support ticket

Nothing was attached and no serial was provided so we cannot recommend the partner who can raise this for you.

 

Best Regards

 

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 4 of 4
3 REPLIES 3
Highlighted
Polycom Employee & Community Manager

Re: Deprecated SSH Settings present on VVX devices

Hello @MrMaiTai ,

 

Welcome to the Poly Community. Usually, we require the below:

Both the communities Must Read First and the FAQ reference the basic minimum information a new or follow up post should contain.

This ensures the questions having to be asked are limited and any new or follow up post contains the right amount of details to ensure any voluntary participant within the community does not spend additional time chasing basic information.

As a reminder the basic information asked for:

UC Software 4.0.0 or later via the Web Interface Utilities > Phone Backup & Restore > Phone Backup > Phone Backup. Please rename into .TXT or Zip the file to attach.
Since UC Software 5.9.0 simply provide this via the Web Interface Diagnostics > Download Support Information Package

  • If possible provide a Log and either attach them or use the Code Tag.Consult the Troubleshooting Section found within the FAQ if applicable
  • If possible provide the MAC Address or Serial of the device
  • Provide details for example if the issue is a day 1 issue or only happened after an upgrade or any other relevant details
  • For questions around Support please check here

Whilst providing some of these details may not directly impact any possible answer the community can provide, it does enable Poly to have an overview of the current software used. In addition, providing all details at the same time allow us to check logs or look up potential support partners if an issue needs to come into support. It also enables us to verify the entitlement for using features.


Please ensure you always check the FAQ's and/or utilize the community search before posting any new topics or follow up posts.

 

Sep 21, 2016 Question: Can you change the Cipher Suites on Poly IP Phones?

Resolution: Please check => here <=

 

The next step would be to raise a ticket.


In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.

End Customers are usually unable to open a ticket directly with Poly support. Available End User Poly services offerings are detailed here

If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.

If the unit is no longer within the warranty please be prepared to Pay Per Incident / PPI. This is all outlined in detail here


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 4
Highlighted
Occasional Contributor

Re: Deprecated SSH Settings present on VVX devices

Thanks for the reply Steffen

 

Here is a selection of the devices with firmware and platform with a backup supplied.

 

VVX 401

5.9.5.0614

Skype

VVX 311

5.9.5.0614

Skype

VVX 311

5.9.5.0614

Skype

 

Gauging by the Cipher document, adding the cipher to the string excludes it from use. Assuming !DH is Diffie Hellman, it should be excluded.

 

ALL:!aNULL:!eNULL:!DSS:!SEED:!ECDSA:!IDEA:!MEDIUM:!LOW:!EXP:!DH:!AECDH:!PSK:!SRP:!MD5:!RC4:@STRENGTH

 

Appreciate any suggestions

Message 3 of 4
Highlighted
Polycom Employee & Community Manager

Re: Deprecated SSH Settings present on VVX devices

Hello @MrMaiTai 

 

I am going to move this into the Skype for Business section and the next step has already been outlined.

 

  • Use the document provided to change the cipher
    or
  • Open a support ticket

Nothing was attached and no serial was provided so we cannot recommend the partner who can raise this for you.

 

Best Regards

 

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 4 of 4