Need stronger DES for SSH setup

May 1st, 2008

I have a remote site that conducted a security scan of their perimeter environment. As part of this scan, an issue has been exposed that shows that the Cisco 3750 devices allow connections via SSH using weak ciphers (DES). Is there a way to lock the cipher to a stronger one (3DES or AES)? If not, is there a Cisco IOS version/feature set that supports setting the maximum cipher to be used?

Currently, the 3750s are running IOS:

Version 12.2(25)SEE, RELEASE SOFTWARE (fc2)

cleidh_mor Fri, 05/02/2008 - 02:01

I'm not sure about that particular IOS version, but it should be possible to set the SSH server version to 2 using the command

ip ssh version 2

in global config mode. I tried some debug when connecting to an IOS SSH v2 box and it used AES128 as the default. It may be possible to tie the SSH server down further.
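
Added example, not part of the original thread or of any Cisco tooling: a way to check from the outside what `ip ssh version 2` changed, by classifying the server's identification string (per RFC 4253, protocol version 1.99 means the server still accepts SSH-1 clients) and listing the ciphers in an SSH-2 KEXINIT payload. The function names, the sample banner and payload, and the rule that a cipher name starting with `des` means single DES are assumptions made for this illustration.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253

def classify_banner(banner: str) -> str:
    """Map an SSH identification string to the protocol versions it advertises."""
    parts = banner.strip().split("-", 2)
    if len(parts) < 2 or parts[0] != "SSH":
        raise ValueError("not an SSH identification string")
    if parts[1] == "2.0":
        return "v2-only"
    if parts[1] == "1.99":           # RFC 4253 4.2/5.1: also accepts SSH-1 clients
        return "v1+v2"
    if parts[1].startswith("1."):
        return "v1-only"
    raise ValueError("unknown protocol version " + parts[1])

def kexinit_ciphers(payload: bytes) -> dict:
    """Return the two encryption name-lists from an SSH-2 KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    offset, lists = 17, []           # skip message byte + 16-byte cookie
    for _ in range(10):              # KEXINIT carries ten name-lists
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + size > len(payload):
            raise ValueError("truncated name-list")
        text = payload[offset:offset + size].decode("ascii")
        lists.append(text.split(",") if text else [])
        offset += size
    return {"client_to_server": lists[2], "server_to_client": lists[3]}

def single_des(names):
    """Assumed rule: a name starting with 'des' is single DES (3des-cbc is not)."""
    return [n for n in names if n.startswith("des")]

def sample_kexinit(ciphers):
    """Constructed test payload; not captured from a real device."""
    lists = [["diffie-hellman-group1-sha1"], ["ssh-rsa"], ciphers, ciphers,
             ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(l).encode("ascii") for l in lists))
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    print(classify_banner("SSH-1.99-ExampleSSHd_1.0"))   # constructed banner
    offered = kexinit_ciphers(sample_kexinit(["aes128-cbc", "3des-cbc", "des-cbc"]))
    print(single_des(offered["server_to_client"]))
```

A banner that still classifies as `v1+v2` after the change means SSH-1 clients are still accepted, whatever the SSH-2 cipher list says.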

