
To disable SSH Server CBC Mode Ciphers

WIN PHYO AUNG
Level 1

Hi,

We use SSH v2 to log in and manage the Cisco switches.

But recently our internal security team did a VA scan and found out that the switches are using SSH Server CBC Mode Ciphers.

They suggest disabling SSH Server CBC Mode Ciphers and enabling CTR or GCM cipher mode encryption.

What is the default encryption mode that Cisco's SSH uses?

Can anyone share if it is possible to disable and enable as they suggest?

Thanks

11 Replies

jchen20071024
Level 1

Hi w.phyoaung,

I have the same question/problem as you but I noticed no one has offered a solution. Were you able to find out how to disable the CBC mode cipher encryption and enable CTR or GCM?

Thanks

This question hasn't been answered yet??

It is available in newer IOS code. Here is my setting:
 ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
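
One way to confirm from the client side that the change took effect, as an added example that is not part of any post in this thread: it parses a server's SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and lists any CBC ciphers still offered. The function names are illustrative and both payloads are constructed samples, not captures from a Cisco device.

```python
SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (message byte onward) into its name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip the message byte and 16-byte cookie
    for name in FIELDS:
        # Each name-list is a uint32 length followed by comma-separated ASCII.
        end = offset + 4 + int.from_bytes(payload[offset:offset + 4], "big")
        if offset + 4 > len(payload) or end > len(payload):
            raise ValueError(f"truncated at {name}")
        raw = payload[offset + 4:end].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        offset = end
    return lists


def cbc_ciphers(lists: dict) -> list:
    """Return the CBC ciphers offered in either direction, de-duplicated."""
    return sorted({c for key in FIELDS[2:4] for c in lists[key]
                   if "-cbc" in c})


def build_kexinit(ciphers: list) -> bytes:
    """Build a sample server KEXINIT payload (constructed, not captured)."""
    values = ["diffie-hellman-group14-sha1", "ssh-rsa", ",".join(ciphers),
              ",".join(ciphers), "hmac-sha1", "hmac-sha1", "none", "none", "", ""]
    body = b"".join(len(v).to_bytes(4, "big") + v.encode() for v in values)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + bytes(5)  # flag + reserved


# Constructed samples: a mixed offer, and the CTR-only list from the reply above.
BEFORE = build_kexinit(["aes128-ctr", "aes128-cbc", "3des-cbc", "aes256-cbc"])
AFTER = build_kexinit(["aes256-ctr", "aes192-ctr", "aes128-ctr"])

if __name__ == "__main__":
    for label, pkt in (("before", BEFORE), ("after", AFTER)):
        print(label, cbc_ciphers(parse_kexinit(pkt)) or "no CBC ciphers offered")
```

To run it on a real capture, pass the KEXINIT payload with the binary-packet framing (packet length, padding length, padding) already stripped.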

Great!  Thank you, Ted.  I understand the process now.

Wiley Winter

Dear Team,

How to fix this?

"disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption"

Thanks,

Shoaib

@ted.schwind Will I lose my SSH connection if I add the command below? Please help.

 ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

I didn't lose my connection.

@ted.schwind Thank you, buddy, for replying. Basically I'm going to apply this command on a Cisco ASA, and I believe both the ASA and the switch have the same SSH working mechanism.

@ted.schwind Can you please help me with my query?

Alvaro Rugama
Level 1

I also have the same question.

Cannot find any information about this.

Best Regards.

enablecomp
Level 1

I'm having the same issue for the same reason.  Anyone found anything on this?
