Check SSH version on WLC

ejlbarcelon
Level 1

I have already enabled high-cipher on SSH, but for security compliance, I need evidence to show that the only version of SSH enabled on WLC is version 2 only.

 

Is there a way to show this evidence?

2 Replies

Sandeep Choudhary
VIP Alumni

Hi,

 

As per the Cisco FAQ, WLC only supports SSH version 2.

 

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/118833-wlc-design-ftrs-faq.html

 

For verification you can sniff the packets.

 

Regards

Don't forget to rate helpful posts

Adding to Sandeep's response.

 

What version of AireOS are you running?

If it is 8.6.x or above, then when you enable the high cipher option, it uses sha2. Those ECDH key exchanges are supported only in SSHv2.

 

"In Release 8.6, controllers are migrated from OpenSSH to libssh, and libssh does not support these key exchange (KEX) algorithms: ecdh-sha2-nistp384 and ecdh-sha2-nistp521. Only ecdh-sha2-nistp256 is supported."

 

There is no CLI command to verify from the WLC end.

 

HTH

Rasika
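Added example, not part of the thread or of any Cisco tooling: since the replies point to checking on the wire, the sketch below reads the identification string an SSH server sends when a client connects (RFC 4253, sections 4.2 and 5.1) and classifies it, where `SSH-2.0-...` means protocol 2 only and `SSH-1.99-...` means the server also accepts version 1. The function names `classify_ident` and `fetch_ident` are my own, and the host is whatever controller address you pass on the command line.

```python
import socket
import sys
from datetime import datetime, timezone

VERDICTS = {"2.0": "SSHv2 only", "1.99": "SSHv1 and SSHv2 (compatibility mode)"}

def classify_ident(data: bytes):
    """Find the SSH identification line in the server's first bytes and classify it.

    Returns None until a complete, newline-terminated identification line is present.
    """
    for raw in data.split(b"\n")[:-1]:       # last element is an unterminated fragment
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue                         # RFC 4253 4.2: text lines may precede it
        ident = line.decode("ascii", "replace")
        fields = ident.split("-", 2)         # SSH-<protoversion>-<software> [comments]
        if len(fields) != 3:
            return {"ident": ident, "proto": None, "software": None,
                    "verdict": "malformed", "v2_only": False}
        proto = fields[1]
        verdict = VERDICTS.get(proto, "SSHv1 only" if proto.startswith("1.") else "unknown")
        return {"ident": ident, "proto": proto,
                "software": fields[2].split(" ", 1)[0],
                "verdict": verdict, "v2_only": proto == "2.0"}
    return None

def fetch_ident(host, port=22, timeout=5.0, limit=4096):
    """Connect, read until the identification line is complete, then classify it."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        while classify_ident(data) is None and len(data) < limit:
            chunk = sock.recv(256)
            if not chunk:
                break
            data += chunk
    return classify_ident(data)

if __name__ == "__main__":
    host = sys.argv[1]                       # controller management address
    result = fetch_ident(host)
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    # One timestamped line per run, suitable for attaching as audit evidence.
    print(f"{stamp} {host}:22 -> {result}")
    sys.exit(0 if result and result["v2_only"] else 1)
```

Run it as `python3 check_ssh_ident.py <wlc-address>`; the exit status is 0 only when the server identifies itself as `SSH-2.0`.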

 

 
