06-03-2024 09:18 AM
Hi everyone,
One of our customers needs to have some specific Encryption Algorithms configured on their switch WS-C3750X-24 version 15.0(1)SE3. This is his current ip ssh:
sw-core-1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa ........
And to make it work with the server, it needs to be like this:
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-110641904
ssh-rsa ....
Is it possible? How can I do it?
Thanks,
Noemi
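Added example (not part of the original thread and not Cisco tooling): a small Python check that compares saved "show ip ssh" output against the target profile quoted in the post above and lists every deviation. The function names and the CURRENT sample string are constructed for illustration.

```python
import re

# Constructed sample: the switch's current output as quoted in the first post
# (host key lines left out).
CURRENT = """\
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
"""

# Required profile, copied from the target output in the first post.
REQUIRED = {
    "Encryption Algorithms": ["aes128-ctr", "aes192-ctr", "aes256-ctr"],
    "MAC Algorithms": ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-sha1-96"],
    "KEX Algorithms": ["diffie-hellman-group-exchange-sha1",
                       "diffie-hellman-group14-sha1"],
}
REQUIRED_DH_BITS = 2048

def parse_show_ip_ssh(text):
    """Return ({label: [algorithms]}, DH minimum in bits or None)."""
    algos, dh_bits = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Minimum expected Diffie Hellman key size\s*:\s*(\d+)", line)
        if m:
            dh_bits = int(m.group(1))
            continue
        m = re.match(r"\s*([A-Za-z ]*Algorithms)\s*:\s*(\S+)", line)
        if m:
            algos[m.group(1)] = m.group(2).split(",")
    return algos, dh_bits

def audit(text):
    """Return a list of deviations from the required profile (empty = match)."""
    algos, dh_bits = parse_show_ip_ssh(text)
    findings = []
    for label, wanted in REQUIRED.items():
        if label not in algos:
            findings.append(f"{label}: not reported by this image")
        elif algos[label] != wanted:  # list order is the preference order
            findings.append(f"{label}: got {algos[label]}, want {wanted}")
    if dh_bits is None:
        findings.append("DH minimum key size: not reported")
    elif dh_bits < REQUIRED_DH_BITS:
        findings.append(f"DH minimum key size: {dh_bits} < {REQUIRED_DH_BITS}")
    return findings

if __name__ == "__main__":
    for finding in audit(CURRENT):
        print(finding)
```

A "not reported" finding means the output has no such line at all, which is the situation on the image described in this thread.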
06-03-2024 10:26 AM
M.
06-05-2024 12:21 AM
Hi,
Yes, I saw that guide, but on this switch there isn't the command ip ssh server that we need to configure the SSH algorithm:
sw-ced-3(config)#ip ssh ?
authentication-retries Specify number of authentication retries
break-string break-string
dh Diffie-Hellman
dscp IP DSCP value for SSH traffic
logging Configure logging for SSH
maxstartups Maximum concurrent sessions allowed
port Starting (or only) Port number to listen on
precedence IP Precedence value for SSH traffic
pubkey-chain pubkey-chain
rsa Configure RSA keypair name for SSH
source-interface Specify interface for source address in SSH
connections
stricthostkeycheck Enable SSH Server Authentication
time-out Specify SSH time-out interval
version Specify protocol version to be supported
I think we'll need to upgrade it.
06-05-2024 12:56 AM
- You may try upgrading indeed; to disable weak ciphers you can also try:
ip ssh dh min size 2048
(e.g.)
M.
08-12-2024 01:31 AM
try and upgrade your plan please