
Cisco Bug: CSCvh65144 - [ENH] Disable weak SSH Algorithms or allow only specific ones

Last Modified

Dec 05, 2019

Products (1)

  • Cisco Content Security Management Appliance

Known Affected Releases

11.0.0-118, 11.0.0-132

Description (partial)

Symptom:
When initiating the SSH connection in verbose mode (ssh -vv SMA_ip), for example from a Linux system or with the MobaXterm client, you'll see the version information of the remote host:

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*

You can also see the list of offered ciphers:

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

The feature request is to have the possibility to block unsafe ciphers, or to allow only specific ones, but this option is not available on the SMA yet.
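As an added example that is not part of the Cisco bug page, the script below parses the debug2: kex_parse_kexinit: lines captured with ssh -vv and reports which offered ciphers a defender would want disabled; the weakness patterns and reasons are my own heuristics, not a Cisco list, and the sample output is constructed from the line shown above.

```python
"""Flag weak ciphers in the algorithm lists an SSH server offers in KEXINIT."""
import re

# Heuristics (assumed, not from the bug page): name patterns that mark a cipher
# as weak, checked in order so the specific 64-bit-block entries win over the
# generic CBC rule. Non-cipher lists (kex, MAC, compression) pass through unflagged.
WEAK_PATTERNS = [
    (re.compile(r"^arcfour"), "RC4 stream cipher, removed from OpenSSH"),
    (re.compile(r"^3des-cbc$"), "64-bit block cipher (Sweet32 birthday attack)"),
    (re.compile(r"^blowfish-cbc$"), "64-bit block cipher (Sweet32 birthday attack)"),
    (re.compile(r"^cast128-cbc$"), "64-bit block cipher (Sweet32 birthday attack)"),
    (re.compile(r"-cbc($|@)"), "CBC mode, dropped from OpenSSH defaults"),
]

# Only the comma-separated algorithm lists; lines such as "first_kex_follows 0"
# contain a space and are ignored.
KEXINIT_RE = re.compile(r"debug2: kex_parse_kexinit: (?P<algs>[\w@.\-,]+)$")

# Constructed sample: the banner and cipher list quoted in the bug report.
SAMPLE = """debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
"""


def parse_kexinit_lines(debug_output):
    """Return every algorithm list found in kex_parse_kexinit lines."""
    lists = []
    for line in debug_output.splitlines():
        match = KEXINIT_RE.search(line.strip())
        if match:
            lists.append(match.group("algs").split(","))
    return lists


def classify_ciphers(names):
    """Map each name to the first matching weakness reason, or None if fine."""
    return {
        name: next((why for pat, why in WEAK_PATTERNS if pat.search(name)), None)
        for name in names
    }


def weak_ciphers(debug_output):
    """Return a sorted {cipher: reason} dict for all weak algorithms offered."""
    flagged = {}
    for algs in parse_kexinit_lines(debug_output):
        flagged.update({n: r for n, r in classify_ciphers(algs).items() if r})
    return dict(sorted(flagged.items()))


if __name__ == "__main__":
    for cipher, reason in weak_ciphers(SAMPLE).items():
        print(f"WEAK  {cipher:30s} {reason}")
```

Pipe real output in with ssh -vv host 2>&1 and pass the text to weak_ciphers to check the server after a change.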

Conditions:
Identical to the Symptom section above.