"SSH Server CBC Mode Ciphers & SSH Weak MAC Algorithms" affected my core switch

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2015 12:29 AM - edited 03-10-2019 12:22 AM
- Labels:
-
Other Security Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2015 04:06 AM
More recent IOS-versions have more features for securing SSH. Older versions are very limited and without upgrading the software you can't allow any modern crypto. More then that, you even can't secure the client-settings if the SSH-server doesn't support modern crypto.
The way to go is:
- Upgrade the device-software
- Configure the devices for stronger SSH-security
- Restrict the client from using weak crypto.
I wrote a little document for securing SSH which is available here:
https://supportforums.cisco.com/document/12338141/guide-better-ssh-security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2017 04:31 AM
HI,
Facing the same issue with entire prodcution device. Please share the fix steps if anyone have it.
Thanks,
Pushpendra
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2017 06:49 PM
Did you try to follow the steps suggested by Karsten?
