Solved: Disabled weaker encryption algorithms on a Cisco 3750 Version 12.2(55)

loffreda · ‎08-21-2024

Hi Team ,

i need remove weaker encryption algorithms on a Cisco 3750. I have switch WS-C3750-48P, SW Version 12.2(55)SE11, Image c3750-ipbasek9-mz.122-55.SE11, k9 Version.

The command that I' m going to apply are

ip ssh dh min size 4096
ip ssh server algorithm mac hmac-sha1

And ecc, so I need modify ip ssh server algorithm, the problem is that not appear on the my cisco IOS version, I think that is not supported, do you have any evidence of this ?

Some show of my devices:

3750-3B(config)#ip ssh ?
authentication-retries Specify number of authentication retries
dscp IP DSCP value for SSH traffic
logging Configure logging for SSH
precedence IP Precedence value for SSH traffic
source-interface Specify interface for source address in SSH connections
time-out Specify SSH time-out interval
version Specify protocol version supported

3750-3B(config)#ip ssh

3750-3B#sh run all | i ssh
ip ssh version 2
transport input ssh
transport input ssh

3750-3B#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3

Thanks

Karsten Iwen · ‎08-21-2024

My guide to better SSH security is old, but still applies for this platform:

https://community.cisco.com/t5/security-knowledge-base/guide-to-better-ssh-security/ta-p/3133344

TLDR: You are out of luck. This device is too old to support any modern cryptography.

View solution in original post

Karsten Iwen · ‎08-21-2024

My guide to better SSH security is old, but still applies for this platform:

https://community.cisco.com/t5/security-knowledge-base/guide-to-better-ssh-security/ta-p/3133344

TLDR: You are out of luck. This device is too old to support any modern cryptography.