08-16-2022 11:44 AM
Hi Switch have some week ciphers. From the below commands, we can know which cipher are available, but I am not sure which one is stronger. How can we know these ciphers? and second question is at the blow command, can we think the first one aes192-ctr would be selected and used? other ones cannot work if the first one can work. Thank you
ip ssh server algorithm encryption aes192-ctr aes256-ctr
SW(config)#ip ssh server algorithm encryption ?
3des-cbc Three-key 3DES in CBC mode
aes128-cbc AES with 128-bit key in CBC mode
aes128-ctr AES with 128-bit key in CTR mode
aes128-gcm AES with 128-bit key GCM mode
aes192-cbc AES with 192-bit key in CBC mode
aes192-ctr AES with 192-bit key in CTR mode
aes256-cbc AES with 256-bit key in CBC mode
aes256-ctr AES with 256-bit key in CTR mode
aes256-gcm AES with 256-bit key GCM mode
08-16-2022 12:02 PM - edited 08-16-2022 12:08 PM
Generally, including with AES, longer keys are more secure, so, for example, AES-256 with be considered more secure than AES-128.
What's I'm not current on is CBC vs. CTR vs. GCM modes. Right now I'm trying download a Cisco Live document, on security, which might address the pros and cons of these different modes.
PS:
From a quick read of https://isuruka.medium.com/selecting-the-best-aes-block-cipher-mode-aes-gcm-vs-aes-cbc-ee3ebae173c and https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2018/pdf/BRKSEC-3005.pdf, it seems -GCM is the best of the three.
08-16-2022 12:05 PM - edited 08-16-2022 12:07 PM
higher key length is always preferred so 256, gcm is considered more secure, cdc is vunreable to padding oracle attack, so the last option is most secure, you also have to make sure the SSH client supports this standard, in my experience some of the common clients like putty, teraterm (free) don't support GCM, some don't even support 256 bit key.
here is a screenshot from one of the client, which does not support GCM
08-16-2022 12:08 PM
Depends on the model of the switch and what IOS code running on it, most of the new IOS XE support net RSA keys and SSH v2 for best.
look at the cisco guidance for best practices:
https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
https://blog.cryptographyengineering.com/2012/05/19/how-to-choose-authenticated-encryption/
08-16-2022 12:49 PM - edited 08-16-2022 01:02 PM
Thank you all for your very good explanation and links. My second question has not been answered yet, which is,
useing the blow command, can we say the first cipher aes192-ctr would be used and the second one is not used if the first one can work? If this is a case, we should put stronger one before the week one. Is this correct? Thank you
" ip ssh server algorithm encryption aes192-ctr aes256-ctr "
08-16-2022 03:32 PM
The handshake depends on what client you using to connect to the device, most clients have all cipher suites' latest one, they check automatically and connect based on available ciphers and compatibility, if not the client throw error also switch see log same.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide