Allow only ssh version 2 with aes256-cbc hmac-sha1 to IOS router

Unanswered Question
Jul 17th, 2009

I have a requirement on my IOS router, which is running the latest version of IOS 12.4T.


I want to configure the router so that it only accepts SSH version 2 connections with aes256-cbc and hmac-sha1. Every other SSH connection, such as aes192-cbc with hmac-sha1 or anything using hmac-md5, should fail.


I can get this to work on a Unix/Linux box in less than 10 seconds. However, I am struggling to get this to work in IOS routers.


Anyone know how to do this? Thanks.

Edison Ortiz Sat, 07/18/2009 - 05:55

You only have 2 options for SSH server support on IOS, per the documentation:


SSH server and SSH client are supported on DES (56-bit) and 3DES (168-bit) data encryption software images only. In DES software images, DES is the only encryption algorithm available. In 3DES software images, both DES and 3DES encryption algorithms are available.


http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_secure_shell_ps6350_TSD_Products_Configuration_Guide_Chapter.html

cisco24x7 Sat, 07/18/2009 - 07:01

I don't think you're correct. This is what I am getting when I ssh into an IOS 12.4T router:


debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-sha1 none
debug1: kex: client->server aes256-cbc hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent


clearly the router is taking AES256-cbc with SHA-1.


But that's not what I am asking. I know that 3DES, AES-128, AES-192 and AES-256 are available on Cisco IOS. The question I am asking is how to make the IOS accept ONLY aes-256 with SHA-1.


Here is the rest of the output:


[[email protected]-labgw]# ssh -v -c aes256-cbc -m hmac-sha1 -l cciesec 192.168.15.201
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to 192.168.15.201 [192.168.15.201] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-sha1 none
debug1: kex: client->server aes256-cbc hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.15.201' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: keyboard-interactive,password
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: channel 0: request pty-req
debug1: channel 0: request shell
debug1: channel 0: open confirm rwindow 1024 rmax 4096

R2851-3#sh ver
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 25-Feb-09 17:55 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T5, RELEASE SOFTWARE (fc1)

R2851-3 uptime is 1 week, 1 day, 23 hours, 24 minutes
System returned to ROM by reload at 15:28:00 gmt Thu Jul 9 2009
System restarted at 15:30:07 gmt Thu Jul 9 2009
System image file is "flash:c2800nm-advipservicesk9-mz.124-24.T.bin"

R2851-3#




Edison Ortiz Sat, 07/18/2009 - 12:01

You are right, I wasn't correct since I posted a link that reflects the SSHv1 behavior.


This link

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_shell_v2_ps6350_TSD_Products_Configuration_Guide_Chapter.html


reflects the SSHv2 behavior and you can't really enforce one type of encryption from the IOS SSH server.


My only suggestion is opening a TAC case and file for an enhancement request.

cisco24x7 Sat, 07/18/2009 - 09:39

Again, that is not what I asked. My question is "how can I make the IOS router accept only AES256-cbc with hmac-sha-1". Anything else below aes256-cbc even with hmac-md5 will be rejected.


By the way, what you said about SSH v2 using AES is not completely accurate. SSH version 2 also uses 3DES. See below:


[[email protected]-labgw]# ssh -v -2 -c 3des -m hmac-sha1 -l cciesec 192.168.15.201
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to 192.168.15.201 [192.168.15.201] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.15.201' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: keyboard-interactive,password
debug1: Next authentication method: keyboard-interactive
Password:

R2851-3#sh run | i ip ssh
ip ssh version 2
R2851-3#

[[email protected]-labgw]# ssh -v -2 -c 3des -m hmac-sha1 -l root Linux_ultra_Secure
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to 192.168.15.228 [192.168.15.228] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
no matching cipher found: client 3des-cbc server aes256-cbc
debug1: Calling cleanup 0x8062370(0x0)
[[email protected]-labgw]#


ww9rivers Mon, 01/25/2010 - 14:15

I am interested in a definitive answer to this question.


Googling and searching around Cisco.com, it seems that the answer may be: No, SSH in IOS is simply not that configurable. One only gets to choose SSH version and IOS decides what cipher to use.


Is that correct?

ww9rivers Mon, 01/25/2010 - 14:30

I was going to edit the previous post, adding "with a hint from the client". But the editor doesn't seem to let me.

bxp Fri, 05/11/2012 - 13:12

Has anyone found a resolution to this issue? I have been searching everywhere but haven't had any luck. This post is the only place that even mentions trying to accomplish this. I need to complete this to meet a security audit requirement. I am going to open a case with TAC but I wanted to see if anyone had anything pop up since 2008. Thanks in advance.


Steve

bxp Fri, 05/11/2012 - 14:18

Sorry meant to reply to original post:


Has anyone found a resolution to this issue? I have been searching everywhere but haven't had any luck. This post is the only place that even mentions trying to accomplish this. I need to complete this to meet a security audit requirement. I am going to open a case with TAC but I wanted to see if anyone had anything pop up since 2008. Thanks in advance.


Steve

Richard Burts Sat, 05/12/2012 - 10:31

Steve


The part about restricting it to only SSH version 2 is easy and is explained in the post from Danilo. I am still not aware of any way to restrict the encryption protocol in IOS. If you do find something from TAC please do post back here with what you find.


HTH


Rick

bxp Mon, 05/14/2012 - 12:47

This was TAC's response to my question:


With regards to your question, this functionality is not yet available on cisco IOS.

I hope this helps . Please let me know if you still require additional information/assistance or if you will want me to close the ticket.


Looks like it's not an option at the moment. I'm not sure what to bring back to the security people that mentioned we should do this.

Richard Burts Mon, 05/14/2012 - 18:42

Steve


To state the obvious, I would take back to the security people that you have asked Cisco how to do what they are requesting and Cisco has responded that in current code it is not supported. I would perhaps then ask them if they know how to do something that Cisco does not yet know.


HTH


Rick

Richard Ascheri Tue, 05/28/2013 - 17:04

It has been almost two years since the last post. I'm running Cisco IOS 15.2 now. But I have the same problem as Steven here.

I used the command "ip ssh version 2" along with the other ip ssh settings.


When trying to do a "copy scp: flash:test" it appears that the Cisco Client tries to use "3des-cbc" instead of "aes-xxxx".

I have also looked to see if I can force it to use "aes-xxxx". No Luck.


Does anyone have any suggestions, other than switching to Juniper which is NOT an option.

robertstrik84 Fri, 07/05/2013 - 14:13

With SSH from client side you can pick the encryption level, it’s weird though that client side dictates the encryption level.

And yes SSH v2 also works with 3des which is quite weak encryption. I’m quite surprised you can't force this on server side.


From client side you can do:

ssh -c aes256-cbc -m hmac-sha1 -l <user> <host>


example

ssh -c aes256-cbc -l admin 192.168.1.1


but

ssh -c 3des -l admin 192.168.1.1 will also work, which obviously we don't want. (And aes128-cbc and aes192-cbc also.)


At least you can protect yourself when you login this way.

Richard Ascheri Wed, 07/24/2013 - 11:17

Robert I understand that I can specify which cipher to use from the SSH client.


The problem that I am having is that I am trying to securely copy a file from a local host up into the Cisco Router, while being logged into the Cisco Router.


Router(config)# ip ssh version 2
Router(config)# ip scp server enable
Router# copy scp:[email protected]/file flash:file


When I do this command with Cisco IOS 15.2 it requires that I have 3des-cbc installed on the remote host in order for the secure copy to proceed.


When I do this command with Cisco IOS 12.4 it works correctly without the 3des-cbc cipher installed on the remote host.


It appears to me as though the secure copy feature in Cisco IOS 15.x is broken now. It seems that it ignores the ip ssh version 2 specification. Or does this specification only control the ssh session and not the secure copy session?

asverma2 Tue, 04/19/2016 - 00:44
User Badges: Cisco Employee

Just for information:

The option is available in:

Cisco IOS XE Software, Version 03.13.02.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.4(3)S2, RELEASE SOFTWARE (fc3)

using the CLI below:


Router(config)#ip ssh server algorithm mac ?
  hmac-sha1     HMAC-SHA1 (digest length = key length = 160 bits)
  hmac-sha1-96  HMAC-SHA1-96 (digest length = 96 bits, key length = 160 bits)

Router(config)#ip ssh server algorithm encryption ?
  3des-cbc    Three-key 3DES in CBC mode
  aes128-cbc  AES with 128-bit key in CBC mode
  aes128-ctr  AES with 128-bit key in CTR mode
  aes192-cbc  AES with 192-bit key in CBC mode
  aes192-ctr  AES with 192-bit key in CTR mode
  aes256-cbc  AES with 256-bit key in CBC mode
  aes256-ctr  AES with 256-bit key in CTR mode
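The thread raises two checks an auditor would want to automate: reading the `ssh -v` key-exchange lines quoted by cisco24x7 to see which cipher and MAC the router actually negotiated (or whether the server refused, as the Linux host did with `no matching cipher found`), and, once the `ip ssh server algorithm` commands from the last post are available, confirming that a running config restricts the server to the policy from the original question (aes256-cbc with hmac-sha1 only). The Python below is an added example written for this page; it is not code from the thread, from Cisco, or from OpenSSH. The sample debug output and the sample configs are constructed to match the formats shown above. It assumes the `debug1: kex: server->client <cipher> <mac> <compression>` line format of the OpenSSH 3.x client used in the thread (newer OpenSSH clients print these lines differently and the regex would need adjusting), and it assumes that `show running-config` renders the restriction as a single `ip ssh server algorithm encryption ...` line listing the configured algorithms separated by spaces.

```python
"""Audit SSH algorithm negotiation and IOS SSH server configuration.

Added example for this thread (not Cisco's or OpenSSH's code). Policy is the
one from the original question: only aes256-cbc with hmac-sha1 is acceptable.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ALLOWED_CIPHERS = {"aes256-cbc"}
ALLOWED_MACS = {"hmac-sha1"}

# OpenSSH 3.x client format, as quoted in the thread (assumption: older format).
KEX_RE = re.compile(r"^debug1: kex: (server->client|client->server) (\S+) (\S+) (\S+)$")
NO_MATCH_RE = re.compile(r"^no matching (cipher|mac) found: client (\S+) server (\S+)$")
REMOTE_RE = re.compile(r"^debug1: Remote protocol version (\S+), remote software version (\S+)$")
# Assumed 'show run' rendering of the IOS 15.x / IOS XE restriction command.
ALG_RE = re.compile(r"^ip ssh server algorithm (encryption|mac)\s+(.+)$")


@dataclass
class Negotiation:
    remote_software: Optional[str] = None
    protocol_version: Optional[str] = None
    # direction -> (cipher, mac, compression)
    directions: Dict[str, Tuple[str, str, str]] = field(default_factory=dict)
    refused: Optional[str] = None  # set when the server rejected the client's offer


def parse_ssh_debug(text: str) -> Negotiation:
    """Extract the negotiated algorithms (or the refusal) from `ssh -v` output."""
    neg = Negotiation()
    for raw in text.splitlines():
        line = raw.strip()
        m = REMOTE_RE.match(line)
        if m:
            neg.protocol_version, neg.remote_software = m.group(1), m.group(2)
            continue
        m = KEX_RE.match(line)
        if m:
            neg.directions[m.group(1)] = (m.group(2), m.group(3), m.group(4))
            continue
        m = NO_MATCH_RE.match(line)
        if m:
            neg.refused = f"{m.group(1)}: client offered {m.group(2)}, server allows {m.group(3)}"
    return neg


def policy_findings(neg: Negotiation) -> List[str]:
    """Return one finding per direction whose cipher or MAC falls outside policy."""
    if neg.refused:
        return []  # the server declined the offer, so nothing weak was negotiated
    if not neg.directions:
        return ["no key exchange seen in debug output"]
    findings = []
    for direction, (cipher, mac, _comp) in neg.directions.items():
        if cipher not in ALLOWED_CIPHERS:
            findings.append(f"{direction}: cipher {cipher} not in policy")
        if mac not in ALLOWED_MACS:
            findings.append(f"{direction}: MAC {mac} not in policy")
    return findings


def audit_ios_config(running_config: str) -> List[str]:
    """Check a 'show run' excerpt for SSHv2-only plus restricted algorithm lists."""
    findings = []
    version2 = False
    configured: Dict[str, set] = {}
    for raw in running_config.splitlines():
        line = raw.strip()
        if line == "ip ssh version 2":
            version2 = True
        else:
            m = ALG_RE.match(line)
            if m:
                configured[m.group(1)] = set(m.group(2).split())
    if not version2:
        findings.append("ip ssh version 2 not set (SSHv1 still accepted)")
    for kind, allowed in (("encryption", ALLOWED_CIPHERS), ("mac", ALLOWED_MACS)):
        if kind not in configured:
            findings.append(f"ip ssh server algorithm {kind} not restricted (IOS default list applies)")
        elif configured[kind] - allowed:
            findings.append(f"{kind} still allows {sorted(configured[kind] - allowed)}")
    return findings


# Constructed samples, modelled on the output quoted in the thread.
SAMPLE_AES = """debug1: Remote protocol version 1.99, remote software version Cisco-1.25
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-sha1 none
debug1: kex: client->server aes256-cbc hmac-sha1 none
"""
SAMPLE_3DES = """debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: kex: client->server 3des-cbc hmac-sha1 none
"""
SAMPLE_REFUSED = """debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
no matching cipher found: client 3des-cbc server aes256-cbc
"""
WEAK_CONFIG = "ip ssh version 2\nip ssh server algorithm encryption aes256-cbc 3des-cbc\n"
HARDENED_CONFIG = ("ip ssh version 2\nip ssh server algorithm encryption aes256-cbc\n"
                   "ip ssh server algorithm mac hmac-sha1\n")

if __name__ == "__main__":
    for name, sample in (("aes", SAMPLE_AES), ("3des", SAMPLE_3DES), ("refused", SAMPLE_REFUSED)):
        neg = parse_ssh_debug(sample)
        print(name, neg.remote_software, neg.refused or policy_findings(neg) or "OK")
    print("weak config:", audit_ios_config(WEAK_CONFIG))
    print("hardened config:", audit_ios_config(HARDENED_CONFIG))
```

Run the script against a real `ssh -v` capture and a `show run | include ip ssh` excerpt to get the same two views the thread reaches by hand: what was negotiated on the wire, and whether the server-side restriction (where the IOS release supports it) actually leaves only the policy algorithms enabled.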
