Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5509
Views
5
Helpful
2
Replies

catalyst switches SSH Weak MAC Algorithms

Go to solution
netops_cortera
Level 1
Level 1

‎08-31-2016 11:19 AM - edited ‎03-10-2019 12:42 AM

In have been running Nessus scans and all of my switches are coming back with SSH Weak MAC Algorithms and SSH Server CBC Mode Ciphers, i have been searching everywhere and the only thing i have found that says how to make changes, is to be running ssh server, my switches do not have this option, so i am guessing that i need a different version of IOS in-order to make these changes. i am pretty much running ipbase 12.2 everywhere 

These are the settings I need to make

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,hmac-ripemd160

2 people had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎08-31-2016 01:54 PM

You need IOS 15.5(2) for that. With the older releases it was not yet possible:

https://supportforums.cisco.com/document/12338141/guide-better-ssh-security

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎08-31-2016 01:54 PM

You need IOS 15.5(2) for that. With the older releases it was not yet possible:

https://supportforums.cisco.com/document/12338141/guide-better-ssh-security

0 Helpful

Go to solution
netops_cortera
Level 1
Level 1
In response to Karsten Iwen

‎09-01-2016 07:30 AM

i believe that version 15.5 is for routers and a few other types of devices, i am looking for something on switches like a 3560V2 or 3850, so far i can't fine anything to fix this problem. it show up on all of my security scans.

Do you know if Cisco is working on a fix for this problem ?

0 Helpful
Customers Also Viewed These Support Documents