04-28-2022 12:26 AM
I am running a WS-C3560X-48T-S (IOS: c3560e-ipbasek9-mz.122-55.SE10.bin).
I want to disable SSH 3DES on the switch.
The following output does not work on the switch.
Device# sh ip ssh
Encryption Algorithms : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Device(config)# no ip ssh server algorithm encryption 3des-cbc
Do I need to upgrade my IOS? (e.g. c3560e-universalk9-mz.152-4.E10.bin)
Or is there any other way?
04-28-2022 01:30 AM
Hello,
it looks like you have to upgrade indeed:
Command History
Release              Modification
-------------------  ------------------------------------------------------------
Cisco IOS 15.5(2)S   This command was introduced.
Cisco IOS XE 3.15S   This command was integrated into Cisco IOS XE Release 3.15S.
Cisco IOS 15.5(2)T   This command was integrated into Cisco IOS Release 15.5(2)T.
04-28-2022 04:55 AM
Maybe the SSH is working as a client, not a server; that is why the command does not work.
04-28-2022 03:58 PM
post complete
show version
show ip ssh
04-28-2022 07:23 PM
Switch#sh ver
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE10, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 11-Feb-15 11:28 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x02800000
ROM: Bootstrap program is C3560E boot loader
BOOTLDR: C3560E Boot Loader (C3560X-HBOOT-M) Version 15.2(3r)E, RELEASE SOFTWARE (fc1)
Switch uptime is 7 minutes
System returned to ROM by power-on
System image file is "flash:/c3560e-universalk9-mz.122-55.SE10/c3560e-universalk9-mz.122-55.SE10.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
License Level: ipservices
License Type: Permanent
Next reload license Level: ipservices
cisco WS-C3560X-48 (PowerPC405) processor (revision P0) with 262144K bytes of memory.
Processor board ID FDO1948F27E
Last reset from power-on
1 Virtual Ethernet interface
1 FastEthernet interface
52 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:F2:8B:07:CC:80
Motherboard assembly number : 73-15479-01
Motherboard serial number : FDO194902MN
Model revision number : P0
Motherboard revision number : A0
Model number : WS-C3560X-48T-E
Daughterboard assembly number : 800-32786-02
Daughterboard serial number : FDO19470ZCA
System serial number : FDO1948F27E
Top Assembly Part Number : 800-38993-01
Top Assembly Revision Number : B0
Version ID : V07
CLEI Code Number : CMMPX00DRB
Hardware Board Revision Number : 0x05
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 54 WS-C3560X-48 12.2(55)SE10 C3560E-UNIVERSALK9-M
Switch#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
04-29-2022 01:14 AM
Hello,
did you try the upgrade already ?
04-29-2022 04:38 AM
Change to ip ssh v2 and test it. (If that does not work, upgrade to the latest?)
05-01-2022 05:39 PM
Changed to ssh2.
It's the same.
Switch#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Switch#sh ssh
%No SSHv1 server connections running.
Connection Version Mode Encryption Hmac State Username
1 2.0 IN aes256-cbc hmac-sha1 Session started admin
1 2.0 OUT aes256-cbc hmac-sha1 Session started admin
05-01-2022 05:43 PM
After upgrading Cisco IOS 15.5(2)S
Disabled 3des.
Device(config)# no ip ssh server algorithm encryption 3des-cbc
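
An added example, not part of any post in this thread: a small Python audit of `show ip ssh` text that reports the two conditions seen above (version 1.99, and a missing or 3DES-containing cipher list). The sample strings are constructed from the output lines quoted in the thread, and treating every CBC cipher as unwanted is a policy assumption of this example.

```python
import re

# Constructed samples assembled from the `show ip ssh` lines quoted in the thread.
WITHOUT_LIST = """SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
"""
WITH_LIST = """SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Encryption Algorithms : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
"""

def audit_show_ip_ssh(output):
    """Return protocol version, offered ciphers and findings for `show ip ssh` text."""
    findings = []
    ver = re.search(r"SSH Enabled - version (\d+\.\d+)", output)
    version = ver.group(1) if ver else None
    if version is None:
        findings.append("SSH server not enabled or output not recognised")
    elif version == "1.99":
        # 1.99 means the server accepts both SSHv1 and SSHv2 clients.
        findings.append("version 1.99: SSHv1 still accepted; set 'ip ssh version 2'")

    enc = re.search(r"^Encryption Algorithms\s*:\s*(\S+)", output, re.MULTILINE)
    if enc is None:
        # As in the thread's 12.2(55)SE10 output, no cipher list is printed.
        findings.append("no cipher list shown: check whether the image has the "
                        "'ip ssh server algorithm encryption' command")
        return {"version": version, "ciphers": [], "weak": [], "keep": [],
                "findings": findings}

    ciphers = [c for c in enc.group(1).split(",") if c]
    # Policy assumption of this example: 3DES and all CBC-mode ciphers are unwanted.
    weak = [c for c in ciphers if c.endswith("-cbc")]
    keep = [c for c in ciphers if c not in weak]
    if "3des-cbc" in ciphers:
        findings.append("3des-cbc offered: 'no ip ssh server algorithm encryption 3des-cbc'")
    if weak and not keep:
        findings.append("only CBC ciphers offered: nothing left to keep")
    return {"version": version, "ciphers": ciphers, "weak": weak, "keep": keep,
            "findings": findings}

if __name__ == "__main__":
    for name, text in (("without list", WITHOUT_LIST), ("with list", WITH_LIST)):
        print(name, audit_show_ip_ssh(text))
```
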