Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Need stronger DES for SSH setup

I have a remote site that conducted a security scan into their perimeter environment. As part of this scan, an issue has been exposed that shows that the Cisco 3750 devices allow connections via SSH using weak ciphers (DES). Is there a way to lock the cipher to a stronger one (3DES or AES). If not, is there a Cisco IOS version/feature set that supports setting the maximum cipher to be used?

Currently, the 3750s are running IOS:

Version 12.2(25)SEE, RELEASE SOFTWARE (fc2)

New Member

Re: Need stronger DES for SSH setup

I'm not sure about that particular IOS version, but it should be possible to set the ssh server version to 2 using the command

ip ssh version 2

in global config mode. I tried some debug when connecting to an IOS SSH v2 box and it used AES128 as the default. It may be possible to tie the SSH server down further.

CreatePlease to create content