Check SSH version on WLC

I have already enabled high-cipher on SSH, but for security compliance, I need evidence to show that the only version of SSH enabled on the WLC is version 2.

Is there a way to show this evidence?

2 REPLIES
VIP Mentor

Hi,

As per the Cisco FAQ, WLC only supports SSH version 2.

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/118833-wlc-design-ftrs-faq.html

For verification you can sniff the packets.

Regards

Don't forget to rate helpful posts

VIP Mentor

Adding to Sandeep's response.

What version of AireOS are you running?

If it is 8.6.x or above, then when you enable the high cipher option, it uses sha2. Those ECDH key exchanges are supported only in SSHv2.

"In Release 8.6, controllers are migrated from OpenSSH to libssh, and libssh does not support these key exchange (KEX) algorithms: ecdh-sha2-nistp384 and ecdh-sha2-nistp521. Only ecdh-sha2-nistp256 is supported."

There is no CLI command to verify from the WLC end.

HTH

Rasika
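
An added example, not part of the thread and not Cisco code: since the replies suggest sniffing the packets and note that the WLC has no CLI check, this sketch reads the server's SSH identification line (from a captured server-to-client stream or a live connection) and classifies its protocol version field per RFC 4253. Function names are hypothetical and the sample banners in the test are constructed; a real controller's banner text will differ.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_IDENT = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def ident_from_stream(stream: bytes) -> bytes:
    """Return the identification line from captured server-to-client bytes.
    Servers may send other text lines first, so skip anything not 'SSH-'."""
    for line in stream.split(b"\n"):
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r")
    raise ValueError("no SSH identification line found")

def classify_ident(line: bytes) -> dict:
    """Classify the protoversion field of an identification line."""
    m = _IDENT.match(line.rstrip(b"\r\n"))
    if not m:
        raise ValueError("not an SSH identification line")
    proto = m.group(1).decode()
    if proto == "2.0":
        verdict = "SSHv2 only"
    elif proto == "1.99":
        # RFC 4253 section 5.1: 1.99 means v2 with v1 compatibility enabled
        verdict = "SSHv2 with SSHv1 compatibility"
    elif proto.startswith("1."):
        verdict = "SSHv1"
    else:
        verdict = "unknown"
    return {"proto": proto,
            "software": m.group(2).decode("ascii", "replace"),
            "verdict": verdict,
            "v2_only": proto == "2.0"}

def read_server_ident(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Connect to a device you administer and return its identification line."""
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("rb") as f:
        for _ in range(32):          # bound the number of pre-banner lines
            line = f.readline(256)
            if not line:
                break
            if line.startswith(b"SSH-"):
                return line.rstrip(b"\r\n")
    raise ConnectionError("no SSH identification string received")
```

For compliance evidence, record the raw identification line together with the verdict, the target address and a timestamp; the same line is visible as the first server payload in a packet capture of the TCP session.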