https://community.cisco.com/t5/network-security/how-to-enable-aes-ctr-encryption-for-asa-5520/m-p/2387327#M271182 <HTML><HEAD></HEAD><BODY><P>Thanks a lot . Can u please confirm how we can test the same through putty . Or is there any other client through which we can test this ( through windows machine )</P><P></P><P></P><P>&nbsp; How we can test this ( through which machine have u tested )&nbsp; .. Also is there any way by which we can disable CBC encryption&nbsp; on ASA 5520 </P><P></P><P>Awaiting your reverts .</P><P></P><P>Rgds,</P><P>Tushar</P></BODY></HTML> Tue, 21 Jan 2014 09:25:11 GMT tusharp81 2014-01-21T09:25:11Z https://community.cisco.com/t5/network-security/how-to-enable-aes-ctr-encryption-for-asa-5520/m-p/2387325#M271174 <P>Dear Team ,</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; When we see the show ssh sessions on our ASA . it shows output as following </P><P></P><P>K-ASA# show ssh sessions</P><P></P><P>SID Client IP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Version Mode Encryption&nbsp;&nbsp;&nbsp; Hmac&nbsp;&nbsp;&nbsp;&nbsp; State&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Username</P><P>0&nbsp;&nbsp; x.x.x.x&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2.0&nbsp;&nbsp;&nbsp;&nbsp; IN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; aes256-cbc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sha1&nbsp;&nbsp;&nbsp;&nbsp; SessionStarted&nbsp;&nbsp; *******</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OUT&nbsp;&nbsp; aes256-cbc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sha1&nbsp;&nbsp;&nbsp;&nbsp; SessionStarted&nbsp;&nbsp; *******</P><P></P><P> We can observe that in encryption it is using aes256-cbc . Now we want to disable the cbc encryption and enable the CTR encryption for SSH .</P><P></P><P>For the same we have upgraded the asa OS to 9.1.2 . Kindly confirm how can we enable the same .</P><P></P><P>Rgds,</P><P>Tushar</P> Tue, 12 Mar 2019 03:33:10 GMT https://community.cisco.com/t5/network-security/how-to-enable-aes-ctr-encryption-for-asa-5520/m-p/2387325#M271174 tusharp81 2019-03-12T03:33:10Z https://community.cisco.com/t5/network-security/how-to-enable-aes-ctr-encryption-for-asa-5520/m-p/2387326#M271177 <HTML><HEAD></HEAD><BODY><P>Tushar, </P><P></P><P>It's eabled on the server.</P><P></P><P>MInd that you need the clien to want to use it <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>From linux I tested this </P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>ssh -c aes128-ctr bsns-asa5585-60-2 -l cisco</P><P></P></PRE><P>which resulted with</P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>BSNS-ASA5585-60-2# show ssh sessions detail</P><P></P><P></P><P>SSH Session ID&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 1</P><P> Client IP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 10.48.93.4</P><P> Username&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : cisco</P><P> SSH Version&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2.0</P><P> State&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : KeysExchanged</P><P> Inbound Statistics</P><P>&nbsp; <STRONG>Encryption&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : aes128-ctr</STRONG></P><P>&nbsp; HMAC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : md5</P><P>&nbsp; Bytes Received&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 272</P><P> Outbound Statistics</P><P>&nbsp; <STRONG>Encryption&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : aes128-ctr</STRONG></P><P>&nbsp; HMAC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : md5</P><P>&nbsp; Bytes Transmitted&nbsp;&nbsp;&nbsp;&nbsp; : 176</P><P> Rekey Information</P><P>&nbsp; Time Remaining (sec)&nbsp; : 3284</P><P>&nbsp; Data Remaining (bytes): 996147024</P><P>&nbsp; Last Rekey&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 09:00:43.255 UTC Tue Jan 21 2014</P><P>&nbsp; Data-Based Rekeys&nbsp;&nbsp;&nbsp;&nbsp; : 0</P><P>&nbsp; Time-Based Rekeys&nbsp;&nbsp;&nbsp;&nbsp; : 0</P><P>BSNS-ASA5585-60-2#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P></PRE><P></P><P>No special settings on ASA.</P><P></P><P>M.</P></BODY></HTML> Tue, 21 Jan 2014 09:02:22 GMT https://community.cisco.com/t5/network-security/how-to-enable-aes-ctr-encryption-for-asa-5520/m-p/2387326#M271177 Marcin Latosiewicz 2014-01-21T09:02:22Z https://community.cisco.com/t5/network-security/how-to-enable-aes-ctr-encryption-for-asa-5520/m-p/2387327#M271182 <HTML><HEAD></HEAD><BODY><P>Thanks a lot . Can u please confirm how we can test the same through putty . Or is there any other client through which we can test this ( through windows machine )</P><P></P><P></P><P>&nbsp; How we can test this ( through which machine have u tested )&nbsp; .. Also is there any way by which we can disable CBC encryption&nbsp; on ASA 5520 </P><P></P><P>Awaiting your reverts .</P><P></P><P>Rgds,</P><P>Tushar</P></BODY></HTML> Tue, 21 Jan 2014 09:25:11 GMT https://community.cisco.com/t5/network-security/how-to-enable-aes-ctr-encryption-for-asa-5520/m-p/2387327#M271182 tusharp81 2014-01-21T09:25:11Z https://community.cisco.com/t5/network-security/how-to-enable-aes-ctr-encryption-for-asa-5520/m-p/2387328#M271183 <HTML><HEAD></HEAD><BODY><P>&nbsp; I just want to know if we can disable to CBC on ASA . I have got the ssh client which supports AES-CTR encryption .</P><P></P><P>We have one other ASA observation after VA test i.e SSH Weak MAC Algorithms Enabled .</P><P></P><P>Could u please help me in getting this closed ?</P><P></P><P>Rgds,</P><P>Tushar</P></BODY></HTML> Tue, 21 Jan 2014 10:15:34 GMT https://community.cisco.com/t5/network-security/how-to-enable-aes-ctr-encryption-for-asa-5520/m-p/2387328#M271183 tusharp81 2014-01-21T10:15:34Z