Disabling weak protocols in ACS 4.2?

sforrester
Level 1

This may be old hat by now but can someone confirm or deny that the SSH server on ACS4.2 can be configured to avoid client negotiation with weak protocols? I'd like to ensure that SSHv1 cannot be used. If it (SSHv1) can be disabled, exactly how is this achieved? If it's not possible with ACS4.2 is there a later version where this can be disabled?

Thanks,

Steve.

Accepted Solutions

Nate Austin
Cisco Employee

Hi Steve,

Currently SSHv1 cannot be disabled:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a00808d9199.shtml#SSHv1v2

This is still the case on ACS 4.2.1 which is the latest currently for the ACS 4.x line.

That being said, the SSH shell is very limited on the ACS. The only thing that you can do is initiate an RDBMS synchronization. There are three other commands (csutil commands) but they cannot even be run unless the services are stopped.

Thanks,

Nate

2 Replies

Many thanks for that definitive answer, very helpful. I can now think about whether I need to go to V5.0+.

Regards,

Steve
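
To confirm from the client side which SSH protocol versions a server advertises, the identification string it sends on connect can be read and classified. This is an added example, not part of the original thread and not Cisco code: per RFC 4253 section 5.1, a `protoversion` of `1.99` means the server also accepts older (SSHv1) clients, while `2.0` means SSHv2 only. The function names, host names and sample banners are constructed for illustration.

```python
import socket

def classify_banner(banner):
    """Parse 'SSH-protoversion-softwareversion [comments]' (RFC 4253, 5.1)."""
    line = banner.strip()
    parts = line.split("-", 2)
    if len(parts) < 3 or parts[0] != "SSH":
        raise ValueError("not an SSH identification string: %r" % line)
    proto = parts[1]
    software = parts[2].split(" ", 1)[0]
    return {
        "proto": proto,
        "software": software,
        # 1.99 = SSHv2 server with SSHv1 compatibility; 1.x = SSHv1 only
        "sshv1": proto == "1.99" or (proto.startswith("1.") and proto != "1.99"),
        "sshv2": proto == "1.99" or proto.startswith("2."),
    }

def read_banner(host, port=22, timeout=5.0):
    """Return the first line starting with 'SSH-' sent by the server."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for _ in range(20):  # servers may send other lines before the banner
            raw = stream.readline(256)
            if not raw:
                break
            if raw.startswith(b"SSH-"):
                return raw.decode("ascii", "replace").strip()
    raise ValueError("no SSH identification string received from %s" % host)

def hosts_offering_v1(banners):
    """Given {host: banner}, return the sorted hosts that advertise SSHv1."""
    return sorted(h for h, b in banners.items() if classify_banner(b)["sshv1"])

# Constructed sample banners (not captured from real devices).
SAMPLE_BANNERS = {
    "acs-lab.example": "SSH-1.99-ExampleSSHD_1.0",
    "new.example": "SSH-2.0-OpenSSH_8.9",
    "legacy.example": "SSH-1.5-1.2.27",
}

if __name__ == "__main__":
    for host in hosts_offering_v1(SAMPLE_BANNERS):
        print("%s advertises SSHv1: %s" % (host, SAMPLE_BANNERS[host]))
    # For a live check on a host you administer:
    #   print(classify_banner(read_banner("acs.example.internal")))
```

Where the server itself cannot be reconfigured, the same check is useful after restricting access to the SSH port at the network layer, to confirm which hosts still expose an SSHv1-capable listener.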