Hi, Would like to ask if we can possibly disable 96-bit HMAC Algorithm? Devices is currently in ssh v2 and recently received a vulnerability issue regarding this.
show ip ssh SSH Enabled - version 2.0 Authentication methods:publickey,keyboard-interactive,password Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc MAC Algorithms:hmac-sha1,hmac-sha1-96 Authentication timeout: 60 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 1024 bits IOS Keys in SECSH format(ssh-rsa, base64 encoded):
Can I just disable using this command?
(config)# ip ssh server algorithm mac hmac-sha1 (config)# ip ssh version 2
or an IOS upgrade is needed to have the lastest version and to have a strong cipher suites? Any idea? thanks
No comments:
Post a Comment