This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
- Community
- RUCKUS Technologies
- RUCKUS Lennar Support
- Community Services
- RTF
- RTF Community
- Australia and New Zealand – English
- Brazil – Português
- China – 简体中文
- France – Français
- Germany – Deutsch
- Hong Kong – 繁體中文
- India – English
- Indonesia – bahasa Indonesia
- Italy – Italiano
- Japan – 日本語
- Korea – 한국어
- Latin America – Español (Latinoamérica)
- Middle East & Africa – English
- Netherlands – Nederlands
- Nordics – English
- North America – English
- Poland – polski
- Russia – Русский
- Singapore, Malaysia, and Philippines – English
- Spain – Español
- Taiwan – 繁體中文
- Thailand – ไทย
- Turkey – Türkçe
- United Kingdom – English
- EOL Products
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- RUCKUS Forums
- RUCKUS Technologies
- RUCKUS Self-Help
- How to disable weak SSH chipper and CBC on the ICX...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to disable weak SSH chipper and CBC on the ICX switches
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2023 10:54 AM
Here the switch model used is 7150 series and firmware running are 8095c.
Run “show ip ssh config” to view all SSH details.
Device#show ip ssh config
SSH server : Enabled
SSH port : tcp\22
Host Key : RSA 2048
Encryption : aes256-cbc, aes192-cbc, aes128-cbc, aes256-ctr, aes192-ctr, aes128-ctr, 3des-cbc
Permit empty password : No
Authentication methods : Password, Public-key, Interactive
Authentication retries : 3
Login timeout (seconds) : 120
Idle timeout (minutes) : 5
SCP : Enabled
SSH IPv4 clients : All
SSH IPv6 clients : All
SSH IPv4 access-group :
SSH IPv6 access-group :
SSH Client Keys :
Client Rekey : 0 Minute, 0 KB
Server Rekey : 0 Minute, 0 KB
To disable weak SSH cipher:
The diffie-hellman-group1-sha1 key exchange method is a weaker algorithm and can be disabled using the “no ip ssh key-exchange-method dh-group1-sha1” command.
Command:
- Device(config)#no ip ssh key-exchange-method dh-group1-sha1
To disable CBC encryption mode:
Command:
- Device(config)# ip ssh encryption disable-aes-cbc
Output after disabling CBC encryption mode:
ICX7150-24F Switch(config)#show ip ssh config
SSH server : Enabled
SSH port : tcp\22
Host Key : RSA 2048
Encryption : aes256-ctr, aes192-ctr, aes128-ctr
Permit empty password : No
Authentication methods : Password, Public-key, Interactive
Authentication retries : 3
Login timeout (seconds) : 120
Idle timeout (minutes) : 5
SCP : Enabled
SSH IPv4 clients : All
SSH IPv6 clients : All
SSH IPv4 access-group :
SSH IPv6 access-group :
SSH Client Keys :
Client Rekey : 0 Minute, 0 KB
Server Rekey : 0 Minute, 0 KB
Reference links below:
Enabling SSH
Viewing SSH
Disabling telnet Access
Disable CBC
Disable weak SSH cipher:
Labels:
- Labels:
-
ICX
-
RUCKUS Self-Help
4 REPLIES 4
Labels
-
AAA
2 -
Access points
48 -
Analytics
3 -
AP Certificate error
1 -
AP Controller Connectivity
5 -
AP Management
8 -
AP migration
1 -
AP reporting
1 -
API
2 -
Authentication Server
2 -
Client Management
1 -
Cloud
20 -
Cloud ICX
1 -
Cloudpath
23 -
Cluster synchronization
1 -
Deployment
2 -
Firmware Recommendation
1 -
Firmware Upgrade
5 -
Guest Access
2 -
ICX
72 -
ICX Switch Management
7 -
Installation
5 -
IoT
1 -
Licensing
1 -
Mobile Apps
2 -
Monitoring
1 -
Poe
2 -
RADIUS
2 -
Ruckus Cloud
1 -
RUCKUS Self-Help
208 -
Security
6 -
SmartZone or vSZ
64 -
Stacking
1 -
SZ ICX Connectivity
1 -
Traffic Management-
1 -
UMM
3 -
Unleashed
15 -
User Management
1 -
Venue Management
1 -
Wired Throughput
2 -
Wireless Throughput
1 -
WLAN Management
5 -
ZoneDirector
15
- « Previous
- Next »
