Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1516
Views
0
Helpful
2
Replies

disable weak cipher on Cisco C881-K9

lingfongsim
Level 1
Level 1

‎04-08-2020 07:26 AM

during vulnerability scan on my hardware router.

SSH Server CBC Mode Ciphers Enabled and SSH Weak MAC Algorithms Enabled appears on the report

Recommendation are to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption and disable MD5 and 96-bit MAC algorithms respectively.

I google for answer but cannot seems to locate an answer for router for the above action.

Please advise, thanks

0 Helpful
2 Replies 2

ppreenja
Cisco Employee
Cisco Employee

‎04-08-2020 08:08 AM

Hi,

-upgrade to 15.5(2)T or later in order to be able to edit the ciphers.
-Enable CTR or GCM cipher mode encryption for SSH.
(config)# ip ssh server algorithm mac hmac-sha1 hmac-sha1-96
(config)# ip ssh server algorithm encryption aes128-ctr aes256-ctr

-Disable MD5 and 96-bit MAC algorithms for SSH.
(config)# no ip ssh server algorithm mac hmac-sha1-96

I hope the above helps.

Cheers,
Pratham
0 Helpful

lingfongsim
Level 1
Level 1
In response to ppreenja

‎04-08-2020 07:48 PM

Hi Ppreenja,

 

Tks for the reply but I have check on the cisco site.

for my router, 881-k9, do not have 15.5, the latest is 15.4.3M10 MD

I believe this model is already EOL

 
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card