Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6467
Views
1
Helpful
15
Replies

Removing SSH Weak Ciphers SDWAN Router Controller Mode

billburns
Level 1
Level 1

‎01-04-2024 09:30 AM

On the SDWAN routers that are in controller mode, I need to remove HMAC-SHA1 from the list of options for SSH to connect. Is there a template that would be used to modify SSH, like a CLI template. I am looking to push the equivalent commands down to the routers.

ip ssh server algorithm mac hmac-sha2-256
ip ssh server algorithm encryption aes256-ctr
ip ssh server algorithm kex ecdh-sha2-nistp384

 

 

0 Helpful
15 Replies 15

LukaszC
Level 1
Level 1

‎11-24-2025 03:20 AM

Week algorithm are also used for netconf-yang. Can those be disabled on SDWAN routers?

no netconf-yang ssh server algorithm mac hmac-sha1
no netconf-yang ssh server algorithm encryption aes128-cbc
no netconf-yang ssh server algorithm encryption aes256-cbc
no netconf-yang ssh server algorithm kex diffie-hellman-group14-sha1

0 Helpful
Customers Also Viewed These Support Documents