cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
320
Views
0
Helpful
1
Replies

Need stronger DES for SSH setup

rlortiz
Level 1
Level 1

I have a remote site that conducted a security scan into their perimeter environment. As part of this scan, an issue has been exposed that shows that the Cisco 3750 devices allow connections via SSH using weak ciphers (DES). Is there a way to lock the cipher to a stronger one (3DES or AES). If not, is there a Cisco IOS version/feature set that supports setting the maximum cipher to be used?

Currently, the 3750s are running IOS:

Version 12.2(25)SEE, RELEASE SOFTWARE (fc2)

1 Reply 1

cleidh_mor
Level 1
Level 1

I'm not sure about that particular IOS version, but it should be possible to set the ssh server version to 2 using the command

ip ssh version 2

in global config mode. I tried some debug when connecting to an IOS SSH v2 box and it used AES128 as the default. It may be possible to tie the SSH server down further.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: