04-23-2014 02:22 AM - edited 03-07-2019 07:11 PM
Hi,
We use SSH v2 to log in and manage the Cisco switches.
But recently our internal security team did a VA scan and found out the switches are using SSH Server CBC Mode Ciphers.
And they suggest disabling SSH Server CBC Mode Ciphers and enabling CTR or GCM cipher mode encryption.
What is the default encryption mode Cisco's SSH is using?
Can anyone share if it is possible to disable and enable as they suggest?
Thanks
07-15-2014 08:53 AM
Hi w.phyoaung,
I have the same question/problem as you but I noticed no one has offered a solution. Were you able to find out how to disable the CBC mode cipher encryption and enable CTR or GCM?
Thanks
08-31-2016 11:14 AM
This question hasn't been answered yet??
08-31-2016 11:22 AM
It is available in newer IOS code. Here is my setting:
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
08-31-2016 11:38 AM
Great! Thank you, Ted. I understand the process now.
Wiley Winter
08-10-2020 01:21 AM
Dear Team,
How to fix this?
"disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption"
Thanks,
Shoaib
04-13-2022 02:52 AM
@ted.schwind Will I lose my SSH connection if I add the below command? Please help.
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
04-13-2022 08:46 AM
I didn't lose my connection.
04-15-2022 03:48 AM
@ted.schwind Thank you, buddy, for replying. Basically I'm going to apply this command on a Cisco ASA, and I believe both the ASA and the switch have the same SSH working mechanism.
04-18-2022 10:30 AM
@ted.schwind Can you please help me regarding my query?
08-07-2014 04:43 PM
I also have the same question.
Cannot find any information about this.
Best Regards.
01-02-2015 01:30 PM
I'm having the same issue for the same reason. Anyone found anything on this?