
SSH Server CBC Mode Ciphers Enabled and SSH Weak MAC Algorithms Enabled

patilranjitv
Level 1
 
As per the VAPT audit carried out at my client's site, they ask to make changes on the following points on the 2960 switch and the 3825, 3845, 3945 and 7609 routers. Kindly provide the correct solution. As per my search till now it is not highly required, but how can I answer and convince my client of this?
 
 
Observation 1 – “SSH Server CBC Mode Ciphers Enabled”:
Kindly suggest the command to implement CTR or GCM ciphers and to disable CBC mode ciphers. The Cisco documents do not have any information on the implementation of CTR or GCM in Cisco devices.
 
Observation 2 – “SSH Weak MAC Algorithms Enabled”:
 
Kindly suggest the command to disable SSH weak MAC algorithms in Cisco devices.
1 Reply

Marvin Rhoads
Hall of Fame

This Cisco posting re Next Generation Encryption lists several ways to accomplish what's being asked.

Take care that you don't effectively perform a denial of service on yourself. Depending on how (or if) you are currently using them, the weaker algorithms may be required to support remote clients or peers on external VPNs.
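Both findings come from the algorithm lists an SSH server advertises in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1), so the same check can be rerun before and after a configuration change. The following is an added example, not part of the thread or Cisco's code; the function names are hypothetical, the sample payloads are constructed, and "weak MAC" is assumed to mean MD5-based or 96-bit truncated.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (starting at the message-type byte) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the type byte and the 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[pos:pos + size].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += size
    return lists

def audit(payload: bytes) -> dict:
    """Return the offered algorithms that would trigger the two findings."""
    lists = parse_kexinit(payload)
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    return {
        "cbc_ciphers": sorted(c for c in ciphers if "-cbc" in c),
        # Assumption: "weak" means MD5-based or truncated to 96 bits.
        "weak_macs": sorted(m for m in macs if "md5" in m or "-96" in m),
    }

def build_kexinit(enc: str, mac: str) -> bytes:
    """Build a constructed KEXINIT payload for testing (not a device capture)."""
    names = ["diffie-hellman-group14-sha1", "ssh-rsa",
             enc, enc, mac, mac, "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(n)) + n.encode("ascii") for n in names)
    # Trailer: first_kex_packet_follows (boolean) and the reserved uint32.
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + bytes(5)

if __name__ == "__main__":
    before = build_kexinit("aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc",
                           "hmac-sha1,hmac-sha1-96,hmac-md5")
    after = build_kexinit("aes128-ctr,aes192-ctr,aes256-ctr", "hmac-sha1")
    print("before:", audit(before))
    print("after: ", audit(after))
```

A client's KEXINIT has the same layout, so running `audit` on payloads captured from existing management clients shows which of them still depend on the algorithms about to be removed.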
