SSH Weak Key Exchange Algorithms Enabled

BenBautista8672
Visitor

I read other discussions on this topic; however, my case might be different because of the type of hardware used. I recently upgraded the IOS on a 3560CX switch to 15.2(7)E10, as recommended by the cybersecurity team. The solution I read on this topic is to update the key exchange algorithm; however, it only gives two algorithms, which are included in the list being flagged by Nessus. Redacted show command result below. Is there another way to disable the key exchange?


SSH Enabled - version 2.0


Encryption Algorithms:aes256-ctr,aes192-ctr,aes128-ctr
MAC Algorithms:hmac-sha2-512,hmac-sha2-256
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 60 secs; Authentication retries: 5
Minimum expected Diffie Hellman key size : 2048 bits

 

Accepted Solutions

This device is too old for up-to-date algorithms.

https://community.cisco.com/t5/security-knowledge-base/guide-to-better-ssh-security/ta-p/3133344

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.


Moved to Switching, as you posted in Email Security.
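
An added example, not part of the thread and not Cisco or Nessus code: a Python sketch that parses the `show ip ssh` output quoted in the question and separates SHA-1-based key exchange names from the rest, so the same check can be run over saved output from many switches. The function names and the rule "a KEX name ending in -sha1 counts as weak" are assumptions of this example, not the scanner's own list.

```python
import re

# Constructed sample: the `show ip ssh` lines quoted in the question above.
SAMPLE = """\
SSH Enabled - version 2.0
Encryption Algorithms:aes256-ctr,aes192-ctr,aes128-ctr
MAC Algorithms:hmac-sha2-512,hmac-sha2-256
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 60 secs; Authentication retries: 5
Minimum expected Diffie Hellman key size : 2048 bits
"""

LABELS = {
    "Encryption Algorithms": "encryption",
    "MAC Algorithms": "mac",
    "KEX Algorithms": "kex",
}

def parse_show_ip_ssh(text):
    """Extract the algorithm lists and minimum DH size from `show ip ssh` text."""
    parsed = {"encryption": [], "mac": [], "kex": [], "min_dh_bits": None}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in LABELS:
            names = [n.strip() for n in value.split(",") if n.strip()]
            parsed[LABELS[key.strip()]] = names
        match = re.search(r"Diffie Hellman key size\s*:\s*(\d+)", line)
        if match:
            parsed["min_dh_bits"] = int(match.group(1))
    return parsed

def audit_kex(text):
    """Split enabled KEX names into SHA-1-based and other (assumed rule: '-sha1' suffix)."""
    kex = parse_show_ip_ssh(text)["kex"]
    weak = [name for name in kex if name.endswith("-sha1")]
    other = [name for name in kex if not name.endswith("-sha1")]
    return {
        "kex_listed": bool(kex),  # False when the output has no KEX line at all
        "weak": weak,
        "other": other,
        # True only when a KEX line exists and every entry on it is SHA-1-based.
        "all_weak": bool(kex) and not other,
    }

if __name__ == "__main__":
    print(audit_kex(SAMPLE))
```

When `all_weak` is true, as it is for the output in this thread, no entry on the enabled list is free of SHA-1, which matches the accepted answer that the platform does not offer newer algorithms.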