Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3914
Views
10
Helpful
8
Replies

Disabled SSH Weak MAC Algo and CBC mode Ciphers

freddyliaw91
Level 1
Level 1

‎09-30-2015 01:53 AM - edited ‎03-11-2019 11:40 PM

I need a guidance on disabling ssh weak MAC Algorithms and SSH CBC mode ciphers.

I got a CISCO ASA 5510 device. Appreciate if someone could help me. Need advise urgently.

Labels:
0 Helpful
8 Replies 8

Rishabh Seth
Level 7
Level 7

‎09-30-2015 02:02 AM

Hi,

 

You can use following command to see what are the configured algorithm:

# show run all ssl

Then based on our requirement you can use following command to remove/add ssl algorithms:

#  ssl encryption <algo-name>

#  no ssl encryption <algo-name>

 

Hope it helps!!!

Thanks,

R.Seth

Mark the answer as correct if it helps in resolving your query!!!

 

 

freddyliaw91
Level 1
Level 1
In response to Rishabh Seth

‎09-30-2015 02:23 AM

Thanks for prompt response. However, in my case is SSH not SSL.

0 Helpful

Rishabh Seth
Level 7
Level 7
In response to freddyliaw91

‎09-30-2015 02:41 AM

Hi,

I understand that you are using ssh, but all the encryptions algorithms are configured under SSL hierarchy on ASA.

Refer:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s16.html#pgfId-1562163

 

Let us know if this helps in resolving your issue.

 

Thanks,

R.Seth

0 Helpful

Rishabh Seth
Level 7
Level 7
In response to Rishabh Seth

‎09-30-2015 02:59 AM

You can also refer:

https://supportforums.cisco.com/discussion/12209596/how-disable-aes-cbc-encryption-asa-5545

0 Helpful

freddyliaw91
Level 1
Level 1
In response to Rishabh Seth

‎09-30-2015 05:11 AM

The command has been applied.

 

However, we still can see the encryption key.

 

Please, see the attachment for the result.

Preview file
60 KB
0 Helpful

Rishabh Seth
Level 7
Level 7
In response to freddyliaw91

‎09-30-2015 05:30 AM

Hi,

 

Use "show run ssl" to see the ssl encryption algorithm in your running configuration.

I think you will not see the encryption algo in running configuration as you have deleted it.

 

Hope it helps!!!

Thanks,

R.Seth

Mark the answer as correct if it helps in resolving your query!!!

 

 

0 Helpful

Rishabh Seth
Level 7
Level 7
In response to Rishabh Seth

‎09-30-2015 05:39 AM

You can change ssl settings via ASDM as well.

Navigate through  Configuration > Device Management > SSL Settings.

Under this hierarchy you can easily check what is active and based on your requirement you can edit the settings.

 

Hope it helps!!!

Thanks,

R.Seth

freddyliaw91
Level 1
Level 1
In response to Rishabh Seth

‎10-13-2015 01:25 AM

Hi,

The issue still remain the same. I still able to connect with weak ciphers

Preview file
22 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card