SSH Weak Key Exchange Algorithms Enabled

Melove · ‎09-05-2022

VA Team found VA - SSH Weak Key Exchange Algorithms Enabled on WS-C3750X-24 IOS 15.2(4)E10.

VA Description:

The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)

draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be

enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

The following weak key exchange algorithms are enabled :

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1

Configuration :

1) #sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes256-ctr
MAC Algorithms:hmac-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): W-NIVI.xyz.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCSwj+G6rUkc0NehAPeb7FlcxB1LwVvR+t/aZy1K32g
0NZEQsmpKH7igvD5U3y2gs48De3NesvCYSxehHXarnOQnMbEl+7KWFZdlUcy5TI7RuPRQuzfOALGRmoP
iJ/02yko9okr9H6YemoO3MKSvC+Z3xoAnOJ8Xz8M7ujO3ZxIhZ2c7uJrzxQW56lfsydVJDcQr9uC/Mbf
Tzv/naULYpYR6gOvjHF+7E6rvjdT+lqdZj2y77sGDt6qD/zffi7Jha+aL4wZAIl6LbFV6xS8x44aJFI2
wnWS788MoLpspgEOZJRAU8c/gUhzT79PQP2wMJGoaMcEgeVUUFeMQXYkH+kr

2) ip ssh version 2
ip ssh dh min size 2048
ip ssh server algorithm mac hmac-sha1
ip ssh server algorithm encryption aes256-ctr

transport input ssh.

Could you please suggest how to mitigate this VA

Kasun Bandara · ‎09-05-2022

this will help

https://community.cisco.com/t5/switching/can-i-disable-weak-encryption-algorithms-on-ssh/td-p/3989285

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Melove · ‎09-05-2022

@Kasun Bandara : Thank you for kind response.

I have implemented suggested solution and same things are mentioned in configuration but it is not solved.

Georg Pauwen · ‎09-05-2022

Hello,

if you have:

--> ip ssh dh min size 2048

configured, this should effectively disable 'diffie-hellman-group-exchange-sha1'. It might show up in a scan, but you cannot use it. Have the VA team actually make a connection (which should be refused):

--> ssh -vvv -o "KexAlgorithms diffie-hellman-group1-sha1" user@device_ip

Melove · ‎09-16-2022

still this command exist, we found the VA.

Should i place command in switch to mitigate the VA

--> ssh -vvv -o "KexAlgorithms diffie-hellman-group1-sha1" user@device_ip

any other alternate way to disable the diffie-hellman-group1-sha1 in switch ?

Melove · ‎09-19-2022

can anyone suggest ?

jayu · ‎07-20-2023

@Melove - Recently, I found a similar issue with our pen tests. Using NMAP I saw that our switches were all using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256 but getting a failing grade while our servers were using the exact same string and getting an A. Closer inspection showed that the key exchange algorithm on the switches were set to SECP256R1 and the servers are at ECDH_X25519. So, now I'm going in and removing weak ciphers and adjusting key exchanges. Hope this points you in the right direction as well! Another thing I just realized is...you might need to change this setting for both SERVER and CLIENT. It's two different commands (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/xe-16/sec-usr-ssh-xe-16-book/sec-secure-shell-algorithm-ccc.html) and could be causing what you're seeing if only one or the other is set.