04-28-2020 10:59 PM - edited 07-05-2021 11:59 AM
I have already enabled high-cipher on SSH, but for security compliance, I need evidence to show that the only version of SSH enabled on the WLC is version 2.
Is there a way to show this evidence?
04-28-2020 11:34 PM - edited 04-28-2020 11:34 PM
Hi,
As per the Cisco FAQ, the WLC only supports SSH version 2.
For verification, you can sniff the packets.
Regards
Don't forget to rate helpful posts
04-29-2020 12:14 AM
Adding to Sandeep's response.
What version of AireOS are you running?
If it is 8.6.x or above, then when you enable the high cipher option, it uses sha2. Those ECDH key exchanges are supported only in SSHv2.
"In Release 8.6, controllers are migrated from OpenSSH to libssh, and libssh does not support these key exchange (KEX) algorithms: ecdh-sha2-nistp384 and ecdh-sha2-nistp521. Only ecdh-sha2-nistp256 is supported."
There is no CLI command to verify from the WLC end.
HTH
Rasika
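As an added example (not part of the thread and not Cisco tooling), the packet-sniffing check suggested above can be reduced to reading the server's identification string, which RFC 4253 defines as `SSH-protoversion-softwareversion`: a v2-only server announces `2.0`, while a server that also accepts SSHv1 announces `1.99`. The function names, the placeholder address and the sample banners are assumptions constructed for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_ID_RE = re.compile(rb"^SSH-([0-9]+\.[0-9]+)-(\S+)(?: (.*))?$")

def classify_banner(data: bytes) -> dict:
    """Classify the server identification string found in captured bytes."""
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        # A server may send other text lines before its identification string.
        if not line.startswith(b"SSH-"):
            continue
        m = _ID_RE.match(line)
        if not m:
            raise ValueError("malformed identification string: %r" % line)
        proto = m.group(1).decode("ascii")
        if proto == "2.0":
            verdict = "v2-only"      # what the compliance evidence should show
        elif proto == "1.99":
            verdict = "v1-and-v2"    # RFC 4253 section 5.1 compatibility mode
        elif proto.startswith("1."):
            verdict = "v1-only"
        else:
            verdict = "unknown"
        software = m.group(2).decode("ascii", "replace")
        return {"proto": proto, "software": software, "verdict": verdict}
    raise ValueError("no SSH identification string found")

def fetch_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read bytes from the server until a complete 'SSH-' line has arrived."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        while len(buf) < 4096:
            chunk = sock.recv(256)
            if not chunk:
                break
            buf += chunk
            if any(l.startswith(b"SSH-") for l in buf.split(b"\n")[:-1]):
                break
    return buf

if __name__ == "__main__":
    # Constructed sample banners, not captured from a real controller.
    for sample in (b"SSH-2.0-example_1.0\r\n", b"SSH-1.99-example_1.0\r\n"):
        print(sample, classify_banner(sample))
    # Against a device you administer (192.0.2.10 is a documentation address):
    # print(classify_banner(fetch_banner("192.0.2.10")))
```

The result records what the server advertises at connection time, so store it together with the raw banner bytes and a timestamp as the audit evidence.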