01-05-2008 06:02 AM - edited 03-11-2019 04:44 AM
I am currently logging into the PIX 8.0(2) using SSH version 2. This is my test box:
aaa authentication ssh console ABC LOCAL
aaa accounting ssh console ABC
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
ssh version 2
I want to only allow people to SSH into this PIX with AES256-HMAC-SHA1. Furthermore, I want to prevent anyone from SSHing into this PIX using either AES256-HMAC-MD5 or 3DES-HMAC-MD5. How do I go about accomplishing this?
Here is an example:
[root@Linux root]# ssh -v -c 3des -l test1 192.168.1.202
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: Next authentication method: password
test1@192.168.1.202's password:
[root@Linux root]# ssh -v -c aes256-cbc -l test1 192.168.1.202
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-md5 none
debug1: kex: client->server aes256-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: Authentications that can continue: password
debug1: Next authentication method: password
test1@192.168.1.202's password:
[root@Linux root]# ssh -v -c aes256-cbc -m hmac-sha1 -l test1 192.168.1.202
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-sha1 none
debug1: kex: client->server aes256-cbc hmac-sha1 none
debug1: Authentications that can continue: password
debug1: Next authentication method: password
test1@192.168.1.202's password:
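The three ssh -v sessions above show exactly which cipher and MAC each connection ended up with. As an added example (not from the original post or from Cisco), here is a small Python audit that parses the `kex:` negotiation lines an OpenSSH client prints and flags any negotiated cipher/MAC pair outside the AES-256/HMAC-SHA1 policy the post asks for; it also understands the `cipher: ... MAC: ...` layout newer OpenSSH clients print. The sample log is constructed from the post's output plus one newer-format line.

```python
import re

# Constructed sample: the negotiation lines from the three ssh -v sessions
# in the post, plus one line in the format newer OpenSSH clients print.
SAMPLE_LOG = """\
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: kex: server->client aes256-cbc hmac-md5 none
debug1: kex: client->server aes256-cbc hmac-md5 none
debug1: kex: server->client aes256-cbc hmac-sha1 none
debug1: kex: client->server aes256-cbc hmac-sha1 none
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
"""

# Policy stated in the post: accept only AES-256 with HMAC-SHA1.
ALLOWED_CIPHERS = {"aes256-cbc"}
ALLOWED_MACS = {"hmac-sha1"}

# OpenSSH 3.x layout: "kex: <direction> <cipher> <mac> <compression>"
OLD_RE = re.compile(r"kex: (server->client|client->server) (\S+) (\S+) (\S+)$")
# Newer layout: "kex: <direction> cipher: X MAC: Y compression: Z"
NEW_RE = re.compile(r"kex: (server->client|client->server) cipher: (\S+) MAC: (\S+) compression: (\S+)")

def parse_kex(line):
    """Return (direction, cipher, mac) for a kex negotiation line, else None."""
    m = NEW_RE.search(line) or OLD_RE.search(line)
    return m.group(1, 2, 3) if m else None

def audit(log, allowed_ciphers=ALLOWED_CIPHERS, allowed_macs=ALLOWED_MACS):
    """Judge every negotiated direction in the log against the policy.
    A MAC of '<implicit>' means an AEAD cipher, so only the cipher is judged."""
    findings = []
    for line in log.splitlines():
        parsed = parse_kex(line)
        if not parsed:
            continue  # authentication, version and other debug lines
        direction, cipher, mac = parsed
        mac_ok = mac in allowed_macs or mac == "<implicit>"
        findings.append({"direction": direction, "cipher": cipher, "mac": mac,
                         "ok": cipher in allowed_ciphers and mac_ok})
    return findings

def violations(log, **policy):
    """Distinct (cipher, mac) pairs that were negotiated despite the policy."""
    return sorted({(f["cipher"], f["mac"]) for f in audit(log, **policy) if not f["ok"]})

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print("OK  " if f["ok"] else "FAIL", f["direction"], f["cipher"], f["mac"])
```

Feed it the saved output of your own `ssh -v` sessions to confirm, after any server-side change, that nothing weaker than the intended algorithms can still be negotiated.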