
Welcome to Cisco Firewalls Community


SSH v1 on ASA 8.4

Hello All,

I was just curious: if SSH v1 is considered vulnerable, why is it still enabled by default on the ASA 8.4?

What is the vulnerability impact of using SSH v1 on an ASA?

Thanks!


SSH v1 on ASA 8.4

Well, only the product managers can answer "why?". I would venture to guess all defaults are a considered balance between ease of usability and best practices.

The vulnerability is easily mitigated, so perhaps that's the thinking. It's most common in my experience to not allow ssh to any public interface. So that in itself restricts the vulnerability to inside hackers. Plus, if you go to the trouble of allowing ssh at all (not allowed by default), just check the box (or add the CLI option) to restrict ssh to v2.
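The two mitigations named in the reply above (no SSH on a public interface, SSH restricted to v2) can be checked against a saved configuration. This is an added example, not part of the original thread and not Cisco's code; the sample configs are constructed, `audit_ssh` and the `public_ifaces` default of `outside` are hypothetical, and a config with no `ssh version 2` line is assumed to accept v1, as the question describes for 8.4.

```python
import re

# Constructed samples shaped like ASA running-config excerpts (not from the thread).
SAMPLE_CONFIG = """\
ssh 10.1.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""
HARDENED_CONFIG = """\
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# "ssh <network> <mask> <interface>" permits SSH management from that source.
# IPv6 permit lines are not handled by this example.
ALLOW_RE = re.compile(rf"^ssh\s+({IPV4})\s+({IPV4})\s+(\S+)$")
VERSION_RE = re.compile(r"^ssh\s+version\s+([12])$")

def audit_ssh(config, public_ifaces=("outside",)):
    """Return findings for SSH v1 exposure and SSH permitted on public interfaces."""
    allows, version = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = ALLOW_RE.match(line)
        if m:
            allows.append(m.groups())
            continue
        m = VERSION_RE.match(line)
        if m:
            version = m.group(1)
    if not allows:
        # No permit lines: SSH is not allowed at all, so nothing is exposed.
        return []
    findings = []
    if version != "2":
        # Assumption: without an explicit "ssh version 2", v1 is still accepted.
        findings.append("ssh-v1-accepted")
    for net, mask, iface in allows:
        if iface in public_ifaces:
            findings.append(f"ssh-on-public-interface:{iface}:{net}/{mask}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_ssh(cfg) or "no findings")
```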