cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1163
Views
0
Helpful
9
Replies

What's the impact on CUCM servers when adding new Ciphers

Yarin Ezra
Level 1
Level 1

Hello Cisco Community,

I have a customer that integrated a new version of SFTP Server which uses an SSH Cipher that the CUCM by default do not support.

I found that i can manually add new ciphers to CUCM via OS Administration > Security > Cipher Management and add the new cipher in the designated location.

What would be the impact on adding probably a single cipher key to either locations say "SSH Cipher" or "SSH Key Exchange"?

2 Accepted Solutions

Accepted Solutions

Hope this Helps.

 

 

  • SSH Ciphers—The ciphers that are assigned in this field are applicable to SSH connections on Unified Communications Manager and IM and Presence Service.

  • SSH Key Exchange—The Key Exchange algorithms that are assigned in this field are applicable to the SSH interface on Unified Communications Manager and IM and Presence Service.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/12_5_1SU3/cucm_b_security_guide_1251SU3/cucm_m_cipher-management_reorg.html

 

 



Response Signature


View solution in original post

1) yes
2) depends which you ciphers you want to have enabled.
If you want the default + new ones, then you would paste all of those in the field and save it.

View solution in original post

9 Replies 9

Hope this Helps.

 

 

  • SSH Ciphers—The ciphers that are assigned in this field are applicable to SSH connections on Unified Communications Manager and IM and Presence Service.

  • SSH Key Exchange—The Key Exchange algorithms that are assigned in this field are applicable to the SSH interface on Unified Communications Manager and IM and Presence Service.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/12_5_1SU3/cucm_b_security_guide_1251SU3/cucm_m_cipher-management_reorg.html

 

 



Response Signature


I've read the Security guide before but it does say "When you configure ciphers on the Cipher Management page, the following ciphers are essentially disabled."

So i wanted to check if someone knew what would be the impact on the cluster if i were to add a SSH Cipher to the list, it would be the only one on the list because by default they are all empty

It's mentioned in the guide:

Unbenannt.PNG

If i changed the default SSH Cipher it would only impact the SSH Cipher settings an no other right ?

and if i i change the SSH Cipher do i just include the default Ciphers base on the Guide + the new one that i need for the SFTP Server?

1) yes
2) depends which you ciphers you want to have enabled.
If you want the default + new ones, then you would paste all of those in the field and save it.


@Yarin Ezra wrote:

If i changed the default SSH Cipher it would only impact the SSH Cipher settings an no other right ?

and if i i change the SSH Cipher do i just include the default Ciphers base on the Guide + the new one that i need for the SFTP Server?


Thats True.

Add additional Ciphers to the list.

 

NithinEluvathingal_0-1691391950798.png

 



Response Signature


how could i know what are the default ciphers for cucm version 11.5, are they the same values as the 12.5 like the guide above?

Check the information of the corresponding enterprise parameters:

Unbenannt.PNG

Awesome thank you, i noticed there were no parameter for SSH Cipher or Key Exchange, is there a way to find those as well? cant find anything about it anywhere