
CSPC Version 2.8 SSH2 login to Collector to use higher encryption like ecdh-sha2-nistp256.

rhallan
Level 1

Our new security policy needs us to have SSH login Key Exchange Algorithms to use only higher encryption like ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, and we need to disable other lower encryption exchanges.

Is there a way to find out what SSH login Key Exchange Algorithms are supported and only enable higher encryption like ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521 in CSPC Version 2.8?

Accepted Solutions

Hi rhallan,

 

CSPC 2.8.1.6 has the following ciphers enabled in the /etc/ssh/sshd_config file.

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

 

You can remove the CBC ciphers and run service sshd restart.

 

For 2.9, the ciphers are chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-gcm@openssh.com, aes256-ctr, aes192-ctr, aes128-ctr.


Thank you

Regards,

Aishwarya Bhatnagar
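
The sshd_config edit described in the answer above, as an added example that is not part of the original posts or any Cisco tooling: it drops the CBC entries from the Ciphers line and also pins KexAlgorithms to the three ECDH algorithms named in the question. It assumes the collector's OpenSSH build supports the KexAlgorithms directive and those algorithms; the function name harden_sshd_config and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: rewrite sshd_config text so that Ciphers carries no CBC
# entries and KexAlgorithms is limited to the ECDH list from the question.

KEX_ALLOWED="ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521"

# harden_sshd_config (hypothetical helper): config text on stdin,
# rewritten config on stdout. Commented-out directives are left untouched.
harden_sshd_config() {
    awk -v kex="$KEX_ALLOWED" '
        # Ciphers line: keep every entry whose name does not end in -cbc.
        tolower($1) == "ciphers" {
            n = split($2, c, ","); out = ""
            for (i = 1; i <= n; i++)
                if (c[i] !~ /-cbc$/) out = out (out == "" ? "" : ",") c[i]
            print "Ciphers " out
            next
        }
        # Existing KexAlgorithms line: replace the first, drop any repeats.
        tolower($1) == "kexalgorithms" {
            if (!seen) print "KexAlgorithms " kex
            seen = 1
            next
        }
        # KexAlgorithms is a global keyword, so when none has been seen yet
        # it must be written before the first Match block, not inside it.
        tolower($1) == "match" && !seen { print "KexAlgorithms " kex; seen = 1 }
        { print }
        # No KexAlgorithms line and no Match block: append at the end.
        END { if (!seen) print "KexAlgorithms " kex }
    '
}

# Constructed sample: the Ciphers line is the 2.8.1.6 value quoted above,
# the remaining lines are made up for the demonstration.
SAMPLE_CONFIG='Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Match User backup
    X11Forwarding no'

printf '%s\n' "$SAMPLE_CONFIG" | harden_sshd_config
```

Where the installed OpenSSH supports the option, `ssh -Q kex` lists the key exchange algorithms that build offers, which shows whether the ECDH names are available before they are pinned. `sshd -t` checks the edited file for errors before `service sshd restart`.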


2 Replies

aibhatna
Cisco Employee

Hi rhallan,

 


Hope you are doing well!
We are looking into the issue you posted. We will reach out to you soon with an update.

 

Thank you

Regards,

Aishwarya Bhatnagar

