
How can I modify the SSH client cipher on ISE?

jewfcb001
Level 4

How can I modify the SSH client cipher on ISE 2.6?

We use ISE Version 2.6 Patch 3.

I need to enable the ciphers below.

aes128-ctr, aes256-ctr

Thank you.

5 Replies

Greg Gibbs
Cisco Employee

ISE 2.6 added enhancements for hardening the SSH daemon (sshd) service.

See this CLI Reference Guide page for information on the commands and supported options for limiting the ciphers allowed for SSH.

I think that is the sshd service. It's the SSH server. But we would like to change the cipher of the SSH client on ISE.

There is no specific command to configure the SSH client in ISE.

AFAIK, ISE uses the standard OpenSSH package in the underlying RHEL OS. If you configure your SSH server to only support those ciphers, the ISE SSH client should negotiate the same.

@greg

I already changed the sshd cipher with the command service sshd, but the SSH client cannot be changed. I think this command is only for the sshd server.

Correct. The 'service sshd' command in the ISE CLI only controls the ciphers supported for the SSH daemon running on the ISE node.

My previous post suggested that, if you limit the supported ciphers on the external server to which you are trying to connect from the SSH client in ISE, the ISE client should negotiate to use those supported stronger ciphers.
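Added example, not part of the thread and not Cisco or OpenSSH code: a sketch of the SSH cipher negotiation rule from RFC 4253 section 7.1 (the first cipher on the client's list that the server also offers is chosen), which is why restricting the server's list constrains what an unconfigurable client ends up using. The client cipher list and the other algorithm names below are constructed sample values, not the actual list offered by the ISE SSH client.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in a KEXINIT payload (RFC 4253 section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(ciphers):
    """Build a constructed KEXINIT payload (zero cookie) offering `ciphers`."""
    lists = [("curve25519-sha256",), ("ssh-ed25519",), ciphers, ciphers,
             ("hmac-sha2-256",), ("hmac-sha2-256",), ("none",), ("none",), (), ()]
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in lists:
        raw = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    # first_kex_packet_follows = FALSE, then the reserved uint32.
    return body + b"\x00" + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload as a dict of lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    offset, parsed = 17, {}          # skip message type and 16-byte cookie
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        parsed[field] = raw.split(",") if raw else []
        offset += length
    return parsed

def negotiate_cipher(client_payload, server_payload, direction="enc_c2s"):
    """First client cipher the server also lists; None means disconnect."""
    offered = set(parse_kexinit(server_payload)[direction])
    for name in parse_kexinit(client_payload)[direction]:
        if name in offered:
            return name
    return None

# Constructed sample offers; the real ISE client list is not given in the thread.
CLIENT = build_kexinit(("chacha20-poly1305@openssh.com", "aes128-ctr",
                        "aes256-ctr", "aes128-cbc", "3des-cbc"))
SERVER_OPEN = build_kexinit(("aes128-cbc", "chacha20-poly1305@openssh.com"))
SERVER_CTR_ONLY = build_kexinit(("aes256-ctr", "aes128-ctr"))
```

With the server limited to the two CTR ciphers, the client's preference order still decides between them, and a server list with no overlap ends the connection instead of falling back.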