01-26-2015 06:57 AM
Hello,
Our client ordered PenTest, and as a feedback they got recommendation to "Disable SSH CBC Mode Ciphers, and allow only CTR ciphers" and "Disable weak SSH MD5 and 96-bit MAC algorithms" on their Cisco 4506-E switches with CIsco IOS 15.0
I have gone through Cisco documentation that i could find, also tried to find the commands on the switches itself but i found no way manipulate these SSH options. (SSH v2 only is already configured)
Is there any way to do this on Cisco IOS? If not what are my alternatives?
Solved! Go to Solution.
01-27-2015 12:37 AM
You can use an external server for authentication. But that won't change anything in encryption.
RADIUS will be fine for Authentication, if you are also looking for strong authorization, you should look into TACACS+.
Back to you original problem:
Some/long time ago a customer had a similar problem and solved it the following way:
With that, there was strong crypto from the admin-workstations to the linux-server and quite weak crypto from the linux box to the routers switches (that was at the 2950/3900XL-times). But as the linux-boxes were positioned in the management-network, the all over risk was reduced.
09-29-2016 04:27 PM - edited 07-31-2018 07:44 AM
This is finally available in Cisco ASA as of 9.1(7), 9.4(3), 9.5(3), and 9.6(1) with a basic hardened config such as:
ssh version 2
ssh cipher encryption custom "aes128-ctr:aes192-ctr:aes256-ctr"
ssh cipher integrity high
ssh key-exchange group dh-group14-sha1
ssh timeout 60
show ssh ciphers
EDIT: Changed "high" template for SSH to explicit ciphers
TLS1.2 can also be configured similarly, although the "high" template doesn't remove all weaker ciphers (PFS is preferred with ECDHE or DHE as long as the self-signed or public certificate key strength is > 1024-bits), so you have to make it custom:
ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher default custom "AES256-SHA:AES128-SHA"
ssl cipher tlsv1 custom "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
ssl cipher tlsv1.1 custom "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA"
ssl cipher tlsv1.2 custom "ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256"
ssl cipher dtlsv1 custom "AES256-SHA:AES128-SHA"
ssl dh-group group14
ssl ecdh-group group20
EDIT: Updated ciphers and added ECDH group. Also note that Cisco IP phones running DTLSv1 may need a matching TLSv1.2 cipher (they don't work when using TLSv1.2 ECDHE cipher + a weaker DTLSv1 cipher).
IOS-based devices starting with 15.5(2)T can use:
ip ssh server algorithm mac hmac-sha1
ip ssh server algorithm encryption aes128-ctr aes256-ctr
I read Karsten's link after I wrote this and it has many more details, so consider the above cliff notes.
01-26-2015 07:32 AM
Based on your version you are quite limited in what you can configure. I wrote a little guide for the SSH-config:
https://supportforums.cisco.com/document/12338141/guide-better-ssh-security
01-26-2015 11:46 PM
Thanks for the reply.
So theres no way i can configure this on Cisco... thought so
Is there any other way, like using some kind of server and redirecting SSH authentication to it? Our client already has RADIUS server, can we use that?
01-27-2015 12:37 AM
You can use an external server for authentication. But that won't change anything in encryption.
RADIUS will be fine for Authentication, if you are also looking for strong authorization, you should look into TACACS+.
Back to you original problem:
Some/long time ago a customer had a similar problem and solved it the following way:
With that, there was strong crypto from the admin-workstations to the linux-server and quite weak crypto from the linux box to the routers switches (that was at the 2950/3900XL-times). But as the linux-boxes were positioned in the management-network, the all over risk was reduced.
01-27-2015 05:42 AM
Thank you, we will probably try something similar, although i doubt it will help with future PenTests as CBC will still be enabled.
Thanks again
01-27-2015 06:35 AM
Well, when the device doesn't answer a SSH-request, there will be no cipher to negotiate. At least not from the general network. ;-)
06-25-2020 01:27 AM
Thanks
09-29-2016 04:27 PM - edited 07-31-2018 07:44 AM
This is finally available in Cisco ASA as of 9.1(7), 9.4(3), 9.5(3), and 9.6(1) with a basic hardened config such as:
ssh version 2
ssh cipher encryption custom "aes128-ctr:aes192-ctr:aes256-ctr"
ssh cipher integrity high
ssh key-exchange group dh-group14-sha1
ssh timeout 60
show ssh ciphers
EDIT: Changed "high" template for SSH to explicit ciphers
TLS1.2 can also be configured similarly, although the "high" template doesn't remove all weaker ciphers (PFS is preferred with ECDHE or DHE as long as the self-signed or public certificate key strength is > 1024-bits), so you have to make it custom:
ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher default custom "AES256-SHA:AES128-SHA"
ssl cipher tlsv1 custom "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
ssl cipher tlsv1.1 custom "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA"
ssl cipher tlsv1.2 custom "ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256"
ssl cipher dtlsv1 custom "AES256-SHA:AES128-SHA"
ssl dh-group group14
ssl ecdh-group group20
EDIT: Updated ciphers and added ECDH group. Also note that Cisco IP phones running DTLSv1 may need a matching TLSv1.2 cipher (they don't work when using TLSv1.2 ECDHE cipher + a weaker DTLSv1 cipher).
IOS-based devices starting with 15.5(2)T can use:
ip ssh server algorithm mac hmac-sha1
ip ssh server algorithm encryption aes128-ctr aes256-ctr
I read Karsten's link after I wrote this and it has many more details, so consider the above cliff notes.
10-17-2017 08:40 AM
Hi,
Is there any chance of disaling SSL in version 12.2 on Cisco 3750 series switch.
Thank You,
Raja.
06-28-2019 11:45 AM
For cisco Catalyst 4500 (WS-C4507R+E) there is not a IOS-based devices starting with 15.x, the releases are 3.x ... the command are avilable in some of this releases or there are other special commands for 4500?
01-21-2020 03:41 AM
01-21-2020 07:42 AM
A few additional/stronger options in IOS-XE 16 (example from 16.12):
ip ssh dh min size 2048 ip ssh server algorithm encryption aes256-ctr aes128-ctr ip ssh server algorithm mac hmac-sha2-256 ip ssh server algorithm kex diffie-hellman-group14-sha1 ip ssh client algorithm encryption aes256-ctr aes128-ctr
SSH server ciphers can be verified with nmap 7.8:
nmap --script ssh2-enum-algos 10.11.12.13
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-21 08:40 MST
Nmap scan report for 10.11.12.13
Host is up (0.021s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
| ssh2-enum-algos:
| kex_algorithms: (1)
| diffie-hellman-group14-sha1
| server_host_key_algorithms: (1)
| ssh-rsa
| encryption_algorithms: (2)
| aes256-ctr
| aes128-ctr
| mac_algorithms: (1)
| hmac-sha2-256
| compression_algorithms: (1)
|_ none
179/tcp filtered bgp
04-13-2022 02:54 AM
@thiland Will i lose my ssh connection if i entered below command on cisco asa
ssh version 2
ssh cipher encryption custom "aes128-ctr:aes192-ctr:aes256-ctr"
04-18-2022 10:27 AM
@thiland Can you pls help me regarding my query.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide