Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1335
Views
0
Helpful
11
Replies

SSH Weak Ciphers

NMS2
Level 1
Level 1

‎08-31-2025 03:38 AM

Hello, I have two routers 1121X and 4221, and when i tried the penetration testing, i got the result below:

# algorithm recommendations (for Cisco IOS/PIX sshd 1.25)

(rec) -diffie-hellman-group-exchange-shal    kex algorithm to remove

(rec) -diffie-hellman-group14-shal    kex algorithm to remove

(rec) -hmac-shal   mac algorithm to remove

(rec) -hmac-sha1-96   mac algorithm to remove

(rec) -ssh-rsa   key algorithm to remove

(rec) -hmac-sha2-256   mac algorithm to remove

(rec) -hmac-sha2-512      mac algorithm to remove

the bold lines already solved i need to solve the last one.

here is some shows from my router 1121X 

Cisco IOS XE Software, Version 17.09.05a

Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-UNIVERSALK9-M), Version 17.9.5a, RELEASE SOFTWARE (fc1)

 

SSH Enabled - version 2.0

Authentication methods:publickey,keyboard-interactive,password

Authentication Publickey Algorithms:ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384

Hostkey Algorithms:rsa-sha2-512

Encryption Algorithms:aes256-gcm,aes256-ctr

MAC Algorithms:hmac-sha2-512

KEX Algorithms:ecdh-sha2-nistp521

Authentication timeout: 120 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 4096 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded): RSA-SHA2

Modulus Size : 4096 bits

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmK1tGkBUiKY6KJS38Y1+Si654tX+NG+HYH1HNWQv7

4OBmY4spkvgkM/EVkVLl+GKEvqr8XhIVGaVTiC56o3EkAQEIKxQVVaMVDlky07hPjFfRpyLIBwtirw7n

ngn9OsUvtUArMYbCDyEr+EAEEhmYaKUq24bBIUYU3WAQjoUAK2VxjlhM0fCwk1vBzmEo2LAtHjLKVNLS

Y0Mqk/VBb3F3DCYREhlXx4k7CIRHIpx8A/vq3n04jJNviMFIi37K8IK6z5ErBXQACoh68S1ziNOGPrhn

QjmmdPpsawhk8wxZRq9/JbF93kmVuR4WvbOML8YRqmk6nkZG2Xqz7EyU+9oovdWzZY5ZmvojO3O6XA7C

QvLQQ3I1U6CTkhfIaotgg3ysHbtiw6qry5nuIu4db0xVx1VKdrb0Zx/+VlHpUn/wPl40Wt4Pthulon2m

Br8TrKHoJcmTglcKIx4lSROkWmQY1UJEcMcACs0R+CutZLZifMEHvkQToW/2aH6dYyqWh8Uq3d0f9oov

ShIjKkpeM/S0lLDWPagZeijIY2pDv1hwl90W6wxB8AR1GYINo8AjH38269QmL6zQCSak8VpxKQ8dsO92

lFW10sxN7PLQvqXatuf1gu84/I+zsdLUwFZXHmUFHNOqkygYuvSYT7srz76PKhCvCNjWa8oh7M4F9Zti

 

0 Helpful
11 Replies 11

MHM Cisco World
VIP
VIP

‎08-31-2025 03:44 AM

ip ssh server algorithm hostkey <<- what option available in this command?

MHM

0 Helpful

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎08-31-2025 10:19 AM - edited ‎08-31-2025 02:15 PM

ip ssh server algorithm mac ? 

Share output of this 

If max is 

Hmac-sha2-512 <<- then it routers limitations 

If routers run (Encrypt-then-MAC) ETM then run it' it more secure.

MHM

0 Helpful

NMS2
Level 1
Level 1
In response to MHM Cisco World

‎09-01-2025 01:53 AM 

ip ssh server algorithm mac ?
  hmac-sha1                      HMAC-SHA1 (digest length = 160 bits,key length
                                 = 160 bits)
  hmac-sha2-256                  HMAC-SHA2-256 (digest length = 256 bits, key
                                 length = 256 bits)
  hmac-sha2-256-etm@openssh.com  HMAC-SHA2-256-ETM (digest length = 256 bits,
                                 key length = 256 bits)
  hmac-sha2-512                  HMAC-SHA2-512 (digest length = 512 bits, key
                                 length = 512 bits)
  hmac-sha2-512-etm@openssh.com  HMAC-SHA2-512-ETM (digest length = 512 bits,
                                 key length = 512 bits)
0 Helpful

MHM Cisco World
VIP
VIP
In response to NMS2

‎09-01-2025 03:09 AM 

hmac-sha2-512-etm@openssh.com

Use this 

MHM 

0 Helpful

NMS2
Level 1
Level 1
In response to MHM Cisco World

‎09-01-2025 06:24 AM

it has the same digest length, so the problem will still exist.

0 Helpful

MHM Cisco World
VIP
VIP
In response to NMS2

‎09-01-2025 06:27 AM

It true it have same digest 512 but it encrypt first so it more strong.

Use it and let test decided it weak or not

MHM

0 Helpful

Jens Albrecht
VIP
VIP

‎08-31-2025 10:00 AM

Hello @NMS2,

the typical options on IOS-XE routers are the following:

Rtr01(config)#ip ssh server algorithm mac ?
  hmac-sha1                      HMAC-SHA1 (digest length = 160 bits,key length
                                 = 160 bits)
  hmac-sha2-256                  HMAC-SHA2-256 (digest length = 256 bits, key
                                 length = 256 bits)
  hmac-sha2-256-etm@openssh.com  HMAC-SHA2-256-ETM (digest length = 256 bits,
                                 key length = 256 bits)
  hmac-sha2-512                  HMAC-SHA2-512 (digest length = 512 bits, key
                                 length = 512 bits)
  hmac-sha2-512-etm@openssh.com  HMAC-SHA2-512-ETM (digest length = 512 bits,
                                 key length = 512 bits)

Rtr01(config)#

So which one do you want to use? HMAC-SHA2-512-ETM?
Once you enabled this, you can remove HMAC-SHA2-512.

HTH!

0 Helpful

NMS2
Level 1
Level 1
In response to Jens Albrecht

‎09-01-2025 01:51 AM

i already use hmac-sha2-512, but the penetration test result is 
(rec) -hmac-sha2-512      mac algorithm to remove

this is the higher KEY for hmac.

any solution

0 Helpful

NMS2
Level 1
Level 1
In response to Jens Albrecht

‎09-01-2025 06:27 AM

the test result need to remove hmac-sha2-512 to a large key, i can't find in my router any lagre key, the two keys with ETM has the same digest length

0 Helpful

Jens Albrecht
VIP
VIP
In response to NMS2

‎09-01-2025 08:59 AM

What's the problem with HMAC-SHA2-512-ETM?

This algorithm is considered secure as of today and is recommended for use in SSH and other cryptographic protocols that require strong message authentication codes (MACs). 

The ETM (Encrypt-then-MAC) construction further hardens the protocol against certain exploits, such as padding oracle attacks and length extension attacks.

So what are your looking for?

SHA3 algorithms? AEAD ciphers? Quantum-resistant encryption?

The routers you are using are pretty old and the 4221 already reached EOL so Cisco will not provide any new software version for this platform. These old hardware platforms simply do not support anything beyond what is offered now.

The solution is simple.

Scrap your routers and buy the new Cisco Secure Series routers that have just been launched a few months ago.

These routers have new hardware that is build to support future-proof branch security with advanced, quantum-resistant encryption.

The Cisco 8100 Series Secure Routers Data Sheet can be found here:
https://www.cisco.com/site/us/en/products/collateral/networking/sdwan-routers/8000-secure-routers/8100-series-secure-routers-ds.html

Of course, there are also more powerful models with the 8200/8300 Series Secure routers. The first link above leads to the data sheets for each series. Be careful not to mix them up with the old 8200/8300 Series routers (that's why I put the 'Secure' in bold).

...and a final note.
These brand-new routers will be shipped with the same algorithms supported as of now. The hardware does support PQC security but the first software versions with quantum-resistant encryption are expected to be released some time next year. So patience is your best friend.

HTH!

 

0 Helpful

NMS2
Level 1
Level 1
In response to Jens Albrecht

‎09-06-2025 05:44 AM

I replaced 4221 with 1121X router in support, and the IOS has been upgraded to the latest.

i have no problems with HMAC-SHA2-512-ETM, but it will not solve the scanner issue.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card