Is it possible disable diffie-hellman-group1-sha1 in a Cisco 2811 Os v.12.4(24)T2 router?
I put this command:
> ip ssh dh min size 2048
for 2048 bits, but in security scanning says that it permits:
| kex_algorithms: (3)
| diffie-hellman-group-exchange-sha1
| diffie-hellman-group14-sha1
| diffie-hellman-group1-sha1
So no pass security certification. For Cisco ASA there is a command like this:
> no ssh ssh key-exchange {dh-group1 ........
But I need for a Cisco 2811 router, and doesn't exist that command. Also I've tried:
> no ip ssh dh min size 1024
but I don't achieve the desired result.
Thanks,
Oscar
Gracias
Oscar