Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2963
Views
0
Helpful
1
Replies

SSH Server CBC Mode Ciphers & SSH Weak MAC Algorithms

dcmpsez
Level 1
Level 1

‎12-27-2017 12:41 AM - edited ‎03-08-2019 01:13 PM

Security scan showing that my Switch( WS-C2960X-48FPS-L /15.2(2)E5 ) is affected by the below two vulnerabilities:
 
1. SSH Server CBC Mode Ciphers Enabled 
2. SSH Weak MAC Algorithms Enabled 
 
1) i have configured SSH v2 and Crypto key rsa with 2048 module.
 
Cisco2960X-Maingate1#sh crypto key mypubkey all
% Key pair was generated at: 15:21:02 IST Dec 27 2017
Key name: Cisco2960X-Maingate1.adani.com
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable. Redundancy enabled.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00BA549F 9AF6C6C9 BE5335CF 2916CD96 5190591C 57201B29 BC98B2DF 0CD33FCD
90E73DC2 A89166CF CFDB6189 2791D473 68FE0904 0A7A99B9 CC426502 6E954F9C
7811D5F5 99FA0D3F E1EFDEA6 F56C5994 225C555B 2D2AA5A7 21C4B06C BE620EED
758294DF CC142F92 3A61FD11 03B46A57 ABCE8447 665C07DA 0B969713 84C62EB4
410B503B C359BAD9 BB852C96 20AA762B 0849FE5A EA142753 586723BC 5EBAE3C8
6F2405E2 AE3FAE49 A4E3EAFB B87970B2 722DA97A 94A40A1D 916E749A 816B77AF
5055ACDF B6DD84CA 62604963 3DA9825E 335B1B10 317B3CDC 1E50ACFF 7D15C3FA
55FA4FE0 C40BF599 9D42D700 91A1EA5F D982B8BC A6C7E970 88244E6F E22DAFC6
73020301 0001
% Key pair was generated at: 15:21:02 IST Dec 27 2017
Key name: Cisco2960X-Maingate1.adani.com.server
Key type: RSA KEYS
Temporary key
Usage: Encryption Key
Key is not exportable. Redundancy enabled.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 0089D2E7 8E12143C
443F3794 ADA59794 1D2A3AC8 9571D3B1 7F03168F 594888A2 29F52CD0 23879522
4C107B56 9F6EE8DE DB192EE4 F02E4A1B AFADB282 C54C6268 92933400 C76DCA77
052C22AD 316C507D 81F9FB63 C10723AF F27808AF DA2CA5AD 0B020301 0001
Cisco2960X-Maingate1#
 
 
 
still VA is persist. please help.
Labels:
0 Helpful
1 Reply 1

lewislampkin
Level 1
Level 1

‎02-02-2018 04:58 AM

If your image has access to these commands, you should be able to make the modification:

For server:

ip ssh server algorithm mac <your_choice>

ip ssh server algorithm encryption <your_choice>

For client:

ip ssh client algorithm mac <your_choice>

ip ssh client algorithm encryption <your_choice>

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card