Cisco Bug: CSCvh65144 - [ENH] Disable weak SSH Algorithms or allow only specific ones
Last Modified
Dec 05, 2019
Products (1)
- Cisco Content Security Management Appliance
Known Affected Releases
11.0.0-118 11.0.0-132
Description (partial)
Symptom: When initiating the SSH connection in verbose mode (ssh -vv SMA_ip), for example from a Linux system or with the MobaXterm client, you'll see the version information of the remote host:

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*

You can also see the list of offered ciphers:

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

The feature request is to have the possibility to block unsafe ciphers or allow only specific ones, but this option is not available on the SMA yet.

Conditions: When initiating the SSH connection in verbose mode (ssh -vv SMA_ip), for example from a Linux system or with the MobaXterm client, you'll see the version information of the remote host:

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*

You can also see the list of offered ciphers:

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

The feature request is to have the possibility to block unsafe ciphers or allow only specific ones, but this option is not available on the SMA yet.
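An added example, not part of the Cisco bug record: a small audit helper that parses saved ssh -vv output, flags weak ciphers in the offered list, and builds a value for the OpenSSH client's Ciphers option so the client negotiates only the remaining ones. The weak-cipher policy (RC4/arcfour and all CBC-mode ciphers), the function name audit_ssh_debug and the key-exchange and MAC lines in the sample are assumptions of this example.

```python
import re

# Constructed sample: the banner and cipher lines quoted in the bug description,
# plus constructed KEX and MAC proposal lines of the kind ssh -vv also prints.
SAMPLE_DEBUG = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
debug2: kex_parse_kexinit: first_kex_follows 0
"""

# Assumed policy for this example (not a Cisco list): RC4 and CBC-mode ciphers are weak.
WEAK_RULES = [
    ("RC4 stream cipher", re.compile(r"^arcfour(128|256)?$")),
    ("CBC mode", re.compile(r"-cbc(@.+)?$")),
]
KEXINIT = re.compile(r"^debug2: kex_parse_kexinit: (\S*)[ \t]*$", re.M)
BANNER = re.compile(r"remote software version (.+)$", re.M)
# Name prefixes that tell a cipher proposal from KEX, host-key, MAC or compression lists.
CIPHER_NAME = re.compile(r"^(aes\d+|3des|arcfour|blowfish|cast128|rijndael|chacha20)")


def audit_ssh_debug(debug_text):
    """Return the server banner, weak ciphers with reasons, and a client Ciphers value."""
    banner = BANNER.search(debug_text)
    weak, allowed = {}, []
    for match in KEXINIT.finditer(debug_text):
        names = [n for n in match.group(1).split(",") if n]
        if not names or not all(CIPHER_NAME.match(n) for n in names):
            continue  # empty proposal, or a list that is not a cipher list
        for name in names:
            reason = next((why for why, pat in WEAK_RULES if pat.search(name)), None)
            if reason:
                weak.setdefault(name, reason)
            elif name not in allowed:
                allowed.append(name)
    return {
        "server": banner.group(1).strip() if banner else None,
        "weak": weak,
        "client_ciphers": ",".join(allowed),  # usable as: ssh -o Ciphers=<value>
    }


if __name__ == "__main__":
    report = audit_ssh_debug(SAMPLE_DEBUG)
    print("server:", report["server"])
    for name, reason in report["weak"].items():
        print(f"WEAK  {name:32} {reason}")
    print("client-side allow-list: -o Ciphers=" + report["client_ciphers"])
```

OpenSSH clients of this generation print their own proposal with the same kex_parse_kexinit prefix as the server's, so the result covers every cipher list in the capture, not only the appliance's.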