Disable weak SSH/SSL ciphers on Cisco IOS (2023)

Most companies still ship outdated and weak SSH and SSL encryption for backward compatibility reasons. Cisco is no exception. For your network security and to pass penetration tests, you must disable weak ciphers, disable SSH v1, and disable TLS versions 1.0 and 1.1.

Firefox, Chrome and Microsoft have committed to dropping support for TLS 1.1. Firefox did indeed do so in May 2020, but many US government websites stopped working (during the Covid19 hysteria), so they rolled the change back. Microsoft has scheduled July 2020 to remove TLS 1.0/1.1 from IE, Edge Legacy, and Edge Chromium.

This blog is about Cisco IOS software. I plan to do another blog about IOS-XE and Nexus in the future.


SSH

Network equipment manufacturers (all, I think) who enable SSH v1 by default really annoy me. Most Windows users connect using PuTTY, which supports SSH v2. You need to set PuTTY to default to SSH v2.

Mac/Linux users use OpenSSH, which also supports SSH v2. On Mac/Linux, situations can arise where the device only offers weak algorithms and OpenSSH is unable to connect.

You will see a message similar to

ssh mhubbard@10.20.1.7
Unable to negotiate with 10.20.1.7 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

This is easy to solve:

1. Open the SSH configuration file: gedit ~/.ssh/config
2. Add the host IP and the required algorithms. KEX is key exchange:

Host 10.20.1.7
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers 3des-cbc

On a very old switch I found a host key exchange algorithm I had never heard of: "ssh-dss". I had to add HostKeyAlgorithms=+ssh-dss to connect.

If you only log in to this device once or twice, you can use the following without changing the SSH configuration file:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 10.20.1.7

You can use the "-G" option and ssh will print the configuration it would use for that host, including the ciphers it offers:

ssh -G mhubbard@10.20.1.7

The OpenSSH website has a page dedicated to legacy ciphers
Ciphers inherited from openssh

Remove weak SSH algorithms

All commands shown are from a running 2960x:
Version 15.2(4)E8 - Major Deployment (MD) of March 18, 2019

First, let's look at the default SSH configuration.

show ip ssh

SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbcc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1676064512
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCjsPhP/zpPgra0d3wzzt8fDZnKL4sUtCh0DVmV0fH6
m+/Xke7IRMvxg2OEk333uHlKD+Ww6w8D2eMOzY7/R6edHA4UtKXwohJN1OZKS1ltL4tDSZSIeLO3juOL
GfxKBtvGd30Y2jzYYMmTQGP9u1VrKdQRKAU13/c+iOiQPi3Q4w==

"Version 1.99" means the switch supports both SSH v1 and v2. We want to disable v1 and remove the CBC and 3DES ciphers. These are "Cipher Block Chaining" algorithms and will be flagged during a penetration test.

In global configuration mode, enter:

! Disable v1
ip ssh version 2
ip ssh server algorithm encryption aes256-ctr aes128-ctr
ip ssh server algorithm mac hmac-sha1
no ip ssh server algorithm mac hmac-sha1-96

You should also run the following to secure SSH:

crypto key generate rsa modulus 4096 label SSH-KEYS
! Note that generating 4096-bit keys can take up to 3 minutes.
ip ssh rsa keypair-name SSH-KEYS
! Associate the keys with SSH
! Set the minimum Diffie-Hellman key size for client connections
ip ssh dh min size 2048

Let's see what SSH looks like now:

show ip ssh

SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes256-ctr,aes128-ctr
MAC Algorithms:hmac-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): SSH-KEYS

In 2020, that's still pretty bad, but read on! Cisco added newer ciphers and removed some obsolete ciphers in newer IOS versions. You can check what's available in your version using:

test(config)#ip ssh server algorithm encryption ?

3des-cbc Three-key 3DES in CBC mode
aes128-cbc AES with 128-bit key in CBC mode
aes128-ctr AES with 128-bit key in CTR mode
aes192-cbc AES with 192-bit key in CBC mode
aes192-ctr AES with 192-bit key in CTR mode
aes256-cbc AES with 256-bit key in CBC mode
aes256-ctr AES with 256-bit key in CTR mode

test(config)#ip ssh server algorithm mac ?

hmac-sha1 HMAC-SHA1 (digest length = key length = 160 bits)
hmac-sha1-96 HMAC-SHA1-96 (digest length = 96 bits, key length = 160 bits)

If you look at the authentication in the output, you'll see that public key is an option. I wrote a blog showing how to use SSH keys instead of passwords -
Authentication to Cisco devices with SSH keys

Bad SSL ciphers

First, let's look at the current secure server settings. To view all possible secure server configurations:

sh ip http server ?

all HTTP server all information
connection HTTP server connection information
External external HTTP record
history HTTP server history information
secure HTTP secure server status information
session-module HTTP server application session module information
statistics HTTP server statistics information
status HTTP server status information

sh ip http server all

HTTP server status: Disabled
HTTP server port: 80
HTTP server authentication method: local
HTTP server access class: 0
HTTP server base path: flash:/c2960x-universalk9-mz.152-4.E8/html
HTTP server help root:
Maximum number of concurrent server connections allowed: 16
Maximum number of secondary server connections allowed: 5
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Server session idle time-out: 180 seconds
Maximum number of requests allowed on a connection: 25
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: dhe-aes-128-cbc-sha dhe-aes-256-cbc-sha
ecdhe-rsa-aes-256-cbc-sha ecdhe-rsa-rc4-128-sha

HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL

To see who is connected to the switch over TLS:

sh ip http server connection

HTTP server current connections:
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes
192.168.10.31:443 192.168.10.211:55014 1394 586227

View available current cipher suites


ip http secure-ciphersuite ?

aes-128-cbc-sha Encryption type tls_rsa_with_aes_cbc_128_sha ciphersuite
aes-256-cbc-sha Encryption type tls_rsa_with_aes_cbc_256_sha ciphersuite
dhe-aes-128-cbc-sha Encryption type tls_dhe_rsa_with_aes_128_cbc_sha ciphersuite
dhe-aes-256-cbc-sha Encryption type tls_dhe_rsa_with_aes_256_cbc_sha ciphersuite
ecdhe-rsa-aes-256-cbc-sha Encryption type tls_ecdhe_rsa_aes_256_cbc_sha ciphersuite
ecdhe-rsa-rc4-128-sha Encryption type tls_ecdhe_rsa_rc4_128_sha ciphersuite
null-sha Encryption type tls_rsa_with_null_sha ciphersuite

Note that rc4 and null are supported!


To check what the switch offers, I ran the nmap ssl-cert and ciphers script.

sudo nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.10.31

Nmap scan report for 10.241.3.40
Host is up, received echo-reply ttl 254 (0.10s latency).
Scanned at 2020-06-18 15:28:06 PDT for 3s

PORT STATE SERVICE REASON
443/tcp open https syn-ack ttl 254
| ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-1302447744
| Issuer: commonName=IOS-Self-Signed-Certificate-1302447744
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2020-06-16T22:55:16
| Not valid after: 2030-01-01T00:00:00
| MD5: c522 61ff 31c4 c9aa 971d 7cfd 4eb7 14de
| SHA-1: 50fb 7c7d d6a8 86c0 ba67 1293 11d7 f529 058e e1de
| ssl-enum-ciphers:
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Weak certificate signature: SHA1
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Weak certificate signature: SHA1
|_  least strength: A
465/tcp closed smtps reset ttl 254
993/tcp closed imaps reset ttl 254
995/tcp closed pop3s reset ttl 254
3389/tcp closed ms-wbt-server reset ttl 254

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:28
Completed NSE at 15:28, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 2.71 seconds
Raw packets sent: 9 (372B) | Rcvd: 6 (232B)

To secure TLS I upgraded to 15.2.7E2. This release allows disabling TLS 1.0 and 1.1. To pass a penetration test, you must disable both. When the update is complete, run the following:

test(config)#ip http secure-ciphersuite ?

aes-128-cbc-sha Encryption type tls_rsa_with_aes_cbc_128_sha ciphersuite
aes-256-cbc-sha Encryption type tls_rsa_with_aes_cbc_256_sha ciphersuite
dhe-aes-128-cbc-sha Encryption type tls_dhe_rsa_with_aes_128_cbc_sha ciphersuite
ecdhe-rsa-aes-256-cbc-sha Encryption type tls_ecdhe_rsa_aes_256_cbc_sha ciphersuite

test(config)#ip http secure-ciphersuite ecdhe-rsa-aes-256-cbc-sha aes-256-cbc-sha
test(config)#ip http tls-version ?

TLSv1.0 Set only the TLSv1.0 version
TLSv1.1 Set only the TLSv1.1 version
TLSv1.2 Set only the TLSv1.2 version

test(config)#ip http tls-version tlsv1.2

To check, I ran the nmap ssl-cert and ciphers scripts again. Only TLS 1.2 is enabled this time.

sudo nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.10.31

Nmap scan report for 192.168.10.31
Host is up, received echo-reply ttl 254 (0.0072s latency).
Scanned at 2020-06-18 15:50:03 PDT for 3s

PORT STATE SERVICE REASON
443/tcp open https syn-ack ttl 254
| ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-1302447744
| Issuer: commonName=IOS-Self-Signed-Certificate-1302447744
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2020-06-16T22:55:16
| Not valid after: 2030-01-01T00:00:00
| MD5: c522 61ff 31c4 c9aa 971d 7cfd 4eb7 14de
| SHA-1: 50fb 7c7d d6a8 86c0 ba67 1293 11d7 f529 058e e1de
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Weak certificate signature: SHA1
|_  least strength: A

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:50
Completed NSE at 15:50, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 2.99 seconds
Raw packets sent: 5 (196B) | Rcvd: 2 (72B)

Results

You can see it still uses SHA1 for the certificate signature. You can use Ciphersuite information to compare different ciphers.
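Nmap grades every suite in both scans "A", yet the article's own goals (no TLS 1.0/1.1, no RC4 or NULL suites, no SHA1 certificate signature) are not all met. The following is an added example, not code from the original post: it parses ssl-cert / ssl-enum-ciphers text and reports those points. The sample scans are constructed from the two listings above, and the 2048-bit key threshold is an assumption borrowed from the SSH section.

```python
import re

# Constructed from the first scan on this page (PEM body and fingerprints omitted).
SCAN_BEFORE = """\
443/tcp open  https   syn-ack ttl 254
| ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-1302447744
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| ssl-enum-ciphers:
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     cipher preference: client
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|_  least strength: A
"""

# Constructed from the second scan (after 'ip http tls-version TLSv1.2').
SCAN_AFTER = """\
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|_  least strength: A
"""

PROTO_RE = re.compile(r"^(SSLv\d|TLSv\d\.\d):$")
SUITE_RE = re.compile(r"^(TLS_[A-Z0-9_]+)\s+\(")
MIN_KEY_BITS = 2048  # assumption: same floor the article sets for SSH DH


def parse_tls_scan(text):
    """Collect suites per protocol plus certificate key size and signature."""
    scan = {"protocols": {}, "key_bits": None, "sig_alg": None}
    proto = None
    for raw in text.splitlines():
        line = raw.lstrip("|_ \t").strip()  # drop Nmap's tree decoration
        if PROTO_RE.match(line):
            proto = line[:-1]
            scan["protocols"][proto] = []
        elif proto and SUITE_RE.match(line):
            scan["protocols"][proto].append(SUITE_RE.match(line).group(1))
        elif (m := re.match(r"public key bits:\s*(\d+)", line, re.I)):
            scan["key_bits"] = int(m.group(1))
        elif (m := re.match(r"signature algorithm:\s*(\S+)", line, re.I)):
            scan["sig_alg"] = m.group(1)
    return scan


def audit_tls(scan):
    """Return findings that the per-suite letter grade does not show."""
    findings = []
    for proto, suites in scan["protocols"].items():
        if proto.startswith("SSL") or proto in ("TLSv1.0", "TLSv1.1"):
            findings.append(f"{proto} enabled: restrict with 'ip http tls-version TLSv1.2'")
        findings += [f"{proto} offers {s}" for s in suites
                     if "_RC4_" in s or "_NULL_" in s]
    sig = scan["sig_alg"]
    if sig and sig.lower().startswith("sha1"):
        findings.append(f"certificate signed with {sig}")
    bits = scan["key_bits"]
    if bits is not None and bits < MIN_KEY_BITS:
        findings.append(f"certificate key is only {bits} bits")
    return findings


if __name__ == "__main__":
    for name, text in (("before", SCAN_BEFORE), ("after", SCAN_AFTER)):
        print(name)
        for finding in audit_tls(parse_tls_scan(text)):
            print("  -", finding)
```

On the "after" sample the TLS 1.1 finding disappears, while the SHA1 signature and the 1024-bit key remain, because both belong to the self-signed certificate rather than to the protocol settings.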

Email or SSH?

Let's see what's new for SSH in 15.7.2E2.

test(config)#ip ssh server algorithm mac ?

hmac-sha1 HMAC-SHA1 (digest length = key length = 160 bits)
hmac-sha1-96 HMAC-SHA1-96 (digest length = 96 bits, key length = 160 bits)
hmac-sha2-256 HMAC-SHA2-256 (digest length = 256 bits, key length = 256 bits)
hmac-sha2-512 HMAC-SHA2-512 (digest length = 512 bits, key length = 512 bits)

test(config)#ip ssh server algorithm encryption ?

3des-cbc Three-key 3DES in CBC mode
aes128-cbc AES with 128-bit key in CBC mode
aes128-ctr AES with 128-bit key in CTR mode
aes192-cbc AES with 192-bit key in CBC mode
aes192-ctr AES with 192-bit key in CTR mode
aes256-cbc AES with 256-bit key in CBC mode
aes256-ctr AES with 256-bit key in CTR mode

Now we can eliminate the old HMAC-SHA1 and CBC ciphers from our switch!


First we will add the SHA2 HMACs:

ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-512

Then remove the SHA1 HMACs:

no ip ssh server algorithm mac hmac-sha1
no ip ssh server algorithm mac hmac-sha1-96

And now the encryption:

ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

The results

show ip ssh

SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes256-ctr,aes192-ctr,aes128-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): SSH-KEYS
Modulus Size : 4096 bits
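To repeat this before/after comparison across many switches, the "show ip ssh" text can be checked by a script. The following is an added example, not code from the original post: it parses the output and reports the items this article sets out to remove (SSH v1, CBC ciphers, SHA1 HMACs, the diffie-hellman-group1-sha1 key exchange, a DH minimum below 2048). The two samples are constructed from the first and last listings above, with the key blobs left out.

```python
import re

# Constructed sample modelled on the default configuration shown on this page.
BEFORE = """\
SSH Enabled - version 1.99
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Minimum expected Diffie Hellman key size : 1024 bits
"""

# Constructed sample modelled on the final hardened configuration.
AFTER = """\
SSH Enabled - version 2.0
Encryption Algorithms:aes256-ctr,aes192-ctr,aes128-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Minimum expected Diffie Hellman key size : 2048 bits
"""

# Output labels that carry a comma-separated algorithm list.
LIST_LABELS = {
    "encryption algorithms": "ciphers",
    "mac algorithms": "macs",
    "kex algorithms": "kex",
}


def parse_show_ip_ssh(text):
    """Extract version, algorithm lists and DH minimum from 'show ip ssh' text."""
    cfg = {"version": None, "ciphers": [], "macs": [], "kex": [], "dh_min_bits": None}
    for line in text.splitlines():
        m = re.match(r"\s*SSH Enabled\s*-\s*version\s+([\d.]+)", line, re.I)
        if m:
            cfg["version"] = m.group(1)
            continue
        label, sep, value = line.partition(":")
        if not sep:
            continue  # key blob or blank line
        label = label.strip().lower()
        if label in LIST_LABELS:
            cfg[LIST_LABELS[label]] = [a.strip() for a in value.split(",") if a.strip()]
        elif re.search(r"diffie.hellman", label):
            bits = re.search(r"\d+", value)
            if bits:
                cfg["dh_min_bits"] = int(bits.group())
    return cfg


def audit_ssh(cfg):
    """Return findings against the hardening goals in this article."""
    findings = []
    if cfg["version"] != "2.0":
        findings.append(f"version {cfg['version']}: SSH v1 not disabled (ip ssh version 2)")
    findings += [f"CBC cipher offered: {c}" for c in cfg["ciphers"] if c.endswith("-cbc")]
    findings += [f"SHA1 MAC offered: {m}" for m in cfg["macs"] if m.startswith("hmac-sha1")]
    findings += [f"legacy key exchange offered: {k}" for k in cfg["kex"]
                 if k == "diffie-hellman-group1-sha1"]
    dh = cfg["dh_min_bits"]
    if dh is not None and dh < 2048:
        findings.append(f"DH minimum is {dh} bits (ip ssh dh min size 2048)")
    return findings


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_ssh(parse_show_ip_ssh(text)))
```

On a release without the SHA2 HMACs, such as the 15.2(4)E8 image used at the start, hmac-sha1 stays in the findings because nothing stronger can be configured.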

Security header improvements

For IOS XE devices from 16.4.1, the Nginx/HTTP headers have the following settings to increase security:

Nginx - Web UI -

Nginx apps take care of the headers for your responses. Since the web UI is one of the NginX apps, it adds the security headers.

The three headers are as follows:

  • X-XSS-Protection: 1; mode=block
  • X-Frame-Options: SAMEORIGIN
  • X-Content-Type-Options: nosniff


Do the same with your Linux servers

There is a good chance that your company runs some Linux servers. Out of the box, CentOS/Ubuntu will have several weak ciphers. It's pretty easy to fix, but you need root privileges.

First we check which encryptions your server offers. If the server has a public IP address, you can go to https://sshcheck.com and enter the FQDN or IP address. You will receive a comprehensive report with suggestions as to which items should be disabled.

If the server is internal, you can use nmap's ssh2-enum-algos script:

sudo nmap --script ssh2-enum-algos 192.168.10.239

This will return a list of ciphers offered by your server.

Update the sshd configuration file

The sshd configuration file is in /etc/ssh. We need to open it and add the suites we want. First we make a backup.

cd /etc/ssh
sudo cp sshd_config sshd_config.bak
sudo nano sshd_config

Add the following (make sure it conforms to your company's security policy):

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256

KexAlgorithms diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,curve25519-sha256,curve25519-sh$

You can add them anywhere. I place them just below the section
"# Ciphers and Encoding".

Press Ctrl+X, type Y to save the file, and press Enter to exit.

You can use

sudo sshd -t

to check the changes. If the configuration file contains no errors, nothing is displayed. If there are errors, you will receive a message with the line number on which the error occurred.

You can use

sshd -T

to dump the current effective sshd configuration.

Now all we have to do is restart the ssh daemon:

sudo systemctl restart sshd

Check your work

Refresh the sshcheck page or run nmap again. You should only see the entered cipher suites. Here is nmap against my server:

nmap --script ssh2-enum-algos -sV -p22 hubbardonnetworking.com

Starting Nmap 7.70 ( https://nmap.org ) at 2020-06-24 22:15 PDT
Nmap scan report for hubbardonnetworking.com (107.170.203.230)
Host is up (0.026s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh2-enum-algos:
|   kex_algorithms: (6)
|       diffie-hellman-group14-sha256
|       diffie-hellman-group16-sha512
|       diffie-hellman-group18-sha512
|       diffie-hellman-group-exchange-sha256
|       curve25519-sha256
|       curve25519-sha256@libssh.org
|   server_host_key_algorithms: (5)
|       ssh-rsa
|       rsa-sha2-512
|       rsa-sha2-256
|       ecdsa-sha2-nistp256
|       ssh-ed25519
|   encryption_algorithms: (6)
|       chacha20-poly1305@openssh.com
|       aes256-gcm@openssh.com
|       aes128-gcm@openssh.com
|       aes256-ctr
|       aes192-ctr
|       aes128-ctr
|   mac_algorithms: (5)
|       umac-128-etm@openssh.com
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha2-512-etm@openssh.com
|       umac-128@openssh.com
|       hmac-sha2-256
|   compression_algorithms: (2)
|       none
|_      zlib@openssh.com

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.70 seconds
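"You should only see the entered cipher suites" can be checked mechanically instead of by eye. The following is an added example, not code from the original post: it parses ssh2-enum-algos output and lists every algorithm the server offers that is not on the allowlist configured above. The scan text is constructed with two deliberate deviations, and the KEX allowlist is taken from the scan listing above because the KexAlgorithms line in the article is truncated.

```python
import re

# Allowlist from the Ciphers / MACs lines in this article; KEX set from the
# article's own scan output (the KexAlgorithms config line is cut off).
POLICY = {
    "kex_algorithms": {
        "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512",
        "diffie-hellman-group18-sha512", "diffie-hellman-group-exchange-sha256",
        "curve25519-sha256", "curve25519-sha256@libssh.org",
    },
    "encryption_algorithms": {
        "chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com",
        "aes128-gcm@openssh.com", "aes256-ctr", "aes192-ctr", "aes128-ctr",
    },
    "mac_algorithms": {
        "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
        "hmac-sha2-512-etm@openssh.com", "umac-128@openssh.com", "hmac-sha2-256",
    },
}

# Constructed scan: one KEX and one cipher are outside the policy on purpose.
SCAN = """\
22/tcp open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (2)
|       curve25519-sha256
|       diffie-hellman-group14-sha1
|   server_host_key_algorithms: (1)
|       ssh-ed25519
|   encryption_algorithms: (3)
|       chacha20-poly1305@openssh.com
|       aes256-ctr
|       aes128-cbc
|   mac_algorithms: (1)
|       hmac-sha2-256
|   compression_algorithms: (1)
|_      none
"""


def parse_enum_algos(text):
    """Return {section: [algorithms]} from ssh2-enum-algos script output."""
    algos, section = {}, None
    for raw in text.splitlines():
        if not raw.lstrip().startswith("|"):
            section = None  # outside the script's output block
            continue
        line = raw.lstrip("|_ \t").strip()
        header = re.match(r"^(\w+):\s*\((\d+)\)$", line)
        if header:
            section = header.group(1)
            algos[section] = []
        elif section and line and not line.endswith(":"):
            algos[section].append(line)
    return algos


def off_policy(algos, policy=POLICY):
    """Return {section: [offered algorithms missing from the allowlist]}."""
    report = {}
    for section, allowed in policy.items():
        extra = sorted(set(algos.get(section, [])) - allowed)
        if extra:
            report[section] = extra
    return report


if __name__ == "__main__":
    print(off_policy(parse_enum_algos(SCAN)))
```

An empty result means the daemon offers nothing beyond the configured lists; host key and compression algorithms are parsed but not judged, since the article sets no policy for them.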

I have a python script that displays a menu of various nmap security scripts. If you haven't used nmap much, it's worth a look.

The Python tool prepares nmap scripts

References

Putty-SSH V2
SSH algorithms for Common Criteria certification
Cisco IOS HTTP Services Command Reference

FAQs

How do I disable weak SSH ciphers? ›

Answer
  1. Log in to the sensor with the root account via SSH or console connection.
  2. Edit the /etc/ssh/sshd_config file and add the following line: Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc.
  3. Restart the sshd service to make the changes take effect:
Mar 21, 2022

How to disable SSH weak key exchange algorithms enabled? ›

In order to disable weak Ciphers and insecure HMAC algorithms in ssh services in CentOS/RHEL 8 please follow the instructions below:
  1. Edit /etc/sysconfig/sshd and uncomment CRYPTO_POLICY line: ...
  2. Make sure correct Ciphers, MACs and KexAlgorithms have been added to /etc/ssh/sshd_config file. ...
  3. Restart sshd service:

What are weak SSH ciphers? ›

The SSH key exchange algorithm is fundamental to keep the protocol secure. It is what allows two previously unknown parties to generate a shared key in plain sight, and have that secret remain private to the client and server. Over time, some implementations of this algorithm have been identified as weak or vulnerable.

How do you remediate SSH server CBC mode ciphers enabled? ›

For this vulnerability scan result, modify the configuration of SSHD to fix the issue:
  1. Open sshd_config in /etc/ssh directory.
  2. Remove the CBC ciphers under Ciphers to use “Ciphers aes256-ctr,aes192-ctr,aes128-ctr” only. Click image to enlarge. ...
  3. Save and quit.
  4. Restart sshd service using the command:
Sep 14, 2022

How do I fix SSL weak cipher suites? ›

Configure best practice cipher and removing weak ciphers easily - Version 18.2 and above
  1. In a text editor, open the following file: [app-path]/server/server.properties.
  2. Locate the line starting with “server.ssl.using-strong-defaults”
  3. Remove the preceding # sign to uncomment the lines and edit the list as needed.
Jun 30, 2021

How to fix SSH weak message authentication code algorithms? ›

For this vulnerability scan result, modify the configuration of SSHD to fix the issue:
  1. Open sshd_config in /etc/ssh directory.
  2. Add following sentence to last line: MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160. ...
  3. Save and quit.
  4. Restart sshd service using the command: [root@imsva~#] service sshd restart.
Sep 14, 2022

How do I disable SSL disable static key ciphers? ›

The term for this is perfect forward secrecy. In summary to disable ssl-static-key-ciphers, you will need to remove RSA from the httpd configuration. To disable ssl-static-key-ciphers, you will need to add !RSA to the httpd configuration.

How do I disable SSH authentication? ›

  1. Log into SSH.
  2. Edit the file with your favorite editor: /etc/ssh/sshd_config.
  3. Lookup the variable: PasswordAuthentication and change 'no' to 'yes'
  4. Save and close the file.
  5. Run this command: service sshd reload.

How to check SSH ciphers? ›

You can see what ciphers you have by doing this:
  1. sudo sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"
  2. sshd -T shows full SSHD config file.
  3. nmap -vv --script=ssh2-enum-algos.nse localhost.
  4. gnutls-cli -l.
  5. ssh -Q mac.
Dec 29, 2021

What ciphers should I disable? ›

You should also disable weak ciphers such as DES and RC4. DES can be broken in a few hours and RC4 has been found to be weaker than previously thought. In the past, RC4 was advised as a way to mitigate BEAST attacks.

What is the risk of weak ciphers? ›

Successful brute-forcing of weak ciphers can result in a malicious actor decrypting data containing sensitive information, potentially leading to a complete compromise of confidentiality and integrity. The extent of damage is really only limited to the value of compromised data and the imagination of the attacker.

Which SSH ciphers are secure? ›

Cryptographic policy

Symmetric algorithms for encrypting the bulk of transferred data are configured using the Ciphers option. A good value is aes128-ctr,aes192-ctr,aes256-ctr . This should also provide good interoperability.

Why are CBC ciphers weak? ›

"Due to the difficulties in implementing CBC cipher suites, and the numerous known exploits against bugs in specific implementations, Qualys SSL Labs began marking all CBC cipher suites as WEAK in May 2019.

How do I disable SSH weak MAC algorithms? ›

Perform following three steps:
  1. First check the cipher and MAC algorithms currently supported in the PICOS SSH protocol. Check the version of SSH: ...
  2. Check what cipher and MAC algorithms are currently supported. ...
  3. From the above output decide which cipher or MAC algorithm you want to disable.
Feb 4, 2021

How do I disable TLS 1.2 cipher suites? ›

Disable TLS 1.2
  1. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "Enabled"=dword:00000000.
  2. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000001.
Jan 25, 2021

Should I disable cipher suites? ›

The purpose is to use the most secure protocols, cipher suites and hashing algorithms that both ends support. To use the strongest ciphers and algorithms it's important to disable the ciphers and algorithms you no longer want to see used.

How can I improve my SSL performance? ›

Decreasing the number of connections increases performance for secure communication through SSL connections, as well as non-secure communication through simple Transmission Control Protocol/Internet Protocol (TCP/IP) connections. One way to decrease individual SSL connections is to use a browser that supports HTTP 1.1.

How do you make ciphers more secure? ›

One way to make a Caesar cipher a bit harder to break is to use different shifts at different positions in the message. For example, we could shift the first character by 25, the second by 14, the third by 17, and the fourth by 10.

How do I stop SSH Firewall from blocking? ›

Install an SSH tool such as OpenSSH on the server you want to connect to using the sudo apt install openssh-server command. If your firewall is blocking your SSH connection. Disable the firewall rules blocking your SSH connection by changing the destination port's settings to ACCEPT.

How do I fix SSH problem? ›

STEPS TO TRY WHEN TROUBLESHOOTING SSH CONNECTIONS:
  1. Ping your VPS. As with most network connectivity problems the first step should be to ping your server. ...
  2. Use VNC to gain access if internet connection is established but SSH is not. ...
  3. Verify the VPS Firewall Rules. ...
  4. Verify the SSH Service Status. ...
  5. Verify the SSH Port.
Jun 22, 2020

How do I troubleshoot SSH connection? ›

Troubleshooting steps:
  1. Verify that the host IP address is correct.
  2. Verify the firewall rules, check the inbound rules allowed by the security group.
  3. Verify the port number allowed for ssh.
  4. Verify that the service is running properly.
Oct 18, 2021

How do I scan for weak ciphers? ›

How to do it...
  1. Open the terminal and launch the SSLScan tool, as shown in the following screenshot:
  2. To scan your target using SSLScan, run the following command: sslscan demo.testfire.net.
  3. SSLScan will test the SSL certificate for the all the ciphers it supports. Weak ciphers will be shown in red and yellow.

How do I disable SSL verification? ›

Prepend GIT_SSL_NO_VERIFY=true before every git command run to skip SSL verification. This is particularly useful if you haven't checked out the repository yet. Run git config http.sslVerify false to disable SSL verification if you're working with a checked out repository already.

How do you check if ciphers are enabled? ›

How to find the Cipher in Chrome
  1. Launch Chrome.
  2. Enter the URL you wish to check in the browser.
  3. Click on the ellipsis located on the top-right in the browser.
  4. Select More tools > Developer tools > Security.
  5. Look for the line "Connection...". This will describe the version of TLS or SSL used.
Jan 14, 2023

Why disable SSH password authentication? ›

Disabling password authentication makes it more likely for you to be locked out of your server. You can become locked out if you lose your private key or break your ~/.authorized_keys file. If you are locked out, you will no longer be able to access the files of any apps.

How do I stop SSH from asking for permission? ›

So instead of setting StrictHostKeyChecking no in your ssh_config file, set StrictHostKeyChecking accept-new. If this flag is set to “yes”, ssh will never automatically add host keys to the $HOME/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed.

How do I bypass SSH username and password? ›

How do I pass a password to ssh client under Linux or UNIX operating systems? You need to use the sshpass command to pass the password on Linux or Unix command-line. It is a utility designed for running ssh using the mode referred to as “keyboard-interactive” password authentication, but in non-interactive mode.

What is the default SSH cipher? ›

By default, ssh uses 'chacha20-poly1305' cipher.

How to remediate deprecated SSH cryptographic settings? ›

The solution is to avoid using deprecated cryptographic settings. The best practices when configuring SSH are described in Security of Interactive and Automated Access Management Using Secure Shell (SSH). Changes can be made in the /etc/ssh/sshd_config file to disable the deprecated ciphers and key exchange algorithms.

Which cipher is the most secure? ›

AES encryption

One of the most secure encryption types, Advanced Encryption Standard (AES) is used by governments and security organizations as well as everyday businesses for classified communications. AES uses “symmetric” key encryption.

What is the weakest block cipher? ›

Electronic Code Book (ECB) is the simplest and weakest form of DES. It uses no initialization vector or chaining. Identical plaintexts with identical keys encrypt to identical ciphertexts.

Is a weak encryption a threat? ›

The internet allows more information than ever before to be accessible to more people than ever before, so weak encryption can pose extreme privacy and security risks. That is why it is important to be careful what information you put online, even if it is protected by a password.

Which cipher mode is best? ›

Between ECB and CBC mode, it is always better to choose CBC mode. As discussed above, ECB mode leaks information about the plaintext because identical plaintext blocks produce identical ciphertext blocks.

What are the two general approaches to attacking a cipher? ›

Cryptanalysis and Brute-Force Attack.

What is SSH ciphers? ›

SSH is a network protocol that provides secure access to a remote device. client. Cipher Suites for ClearPass as SSH Server lists the cipher suites supported when Policy Manager acts as an SSH. SSH is a network protocol that provides secure access to a remote device.

What are the two types of secure ciphers? ›

Transposition ciphers keep all the original bits of data in a byte but mix their order. Substitution ciphers replace specific data sequences with other data sequences.

What are the four 4 most secure encryption techniques? ›

Best Encryption Algorithms
  • AES. The Advanced Encryption Standard (AES) is the trusted standard algorithm used by the United States government, as well as other organizations. ...
  • Triple DES. ...
  • RSA. ...
  • Blowfish. ...
  • Twofish. ...
  • Rivest-Shamir-Adleman (RSA).
Nov 11, 2022

How do I turn off CBC cipher mode encryption?

To disable ALL CBC ciphers:
  1. Login to the WS_FTP Server manager and click System Details (bottom of the right column).
  2. Check the option to "Disable CBC Mode Ciphers", then click Save.
  3. Restart the WS_FTP Server services when prompted.
Dec 30, 2020

Is CBC still secure?

Microsoft believes that it's no longer safe to decrypt data encrypted with the Cipher-Block-Chaining (CBC) mode of symmetric encryption when verifiable padding has been applied without first ensuring the integrity of the ciphertext, except for very specific circumstances.

Why is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 considered weak?

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 may show up as weak when you perform an SSL report test. This is due to known attacks against the OpenSSL implementation. Dataverse uses the Windows implementation, which is not based on OpenSSL and is therefore not vulnerable.

How do I disable a weak SSH cipher?

Answer
  1. Log in to the sensor with the root account via SSH or console connection.
  2. Edit the /etc/ssh/sshd_config file and add the following line: Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc.
  3. Restart the sshd service to make the changes take effect:
Mar 21, 2022

How do I disable a weak cipher?

You can do this using GPO or Local Security Policy under Computer Configuration -> Administrative Templates -> Network -> SSL Configuration Settings -> SSL Cipher Suite Order. Set this policy to Enabled. Each cipher suite should be separated with a comma. Remove as needed based on the list below.

How to disable SSH weak key exchange algorithms?

How to Disable Weak Key Exchange Algorithm and CBC Mode in SSH
  1. Step 1: Edit /etc/sysconfig/sshd and uncomment the following line. ...
  2. Step 2: Copy the following ciphers, MACs, and KexAlgorithms to /etc/ssh/sshd_config . ...
  3. Step 3: Verify the configuration file before restarting the SSH server.
Mar 4, 2022

Does TLS 1.2 use weak ciphers?

A cipher suite is identified as obsolete when one or more of the mechanisms is weak. Especially weak encryption algorithms in TLS 1.2 are designated as NULL, RC2, RC4, DES, IDEA, and TDES/3DES; cipher suites using these algorithms should not be used.

How do I bypass unsafe TLS security settings?

The fix is easy: In the windows search box, near the Windows Start button, type Internet Options. Open the result “Internet options - control panel”. Then click the Advanced tab. Scroll down in the long list to “security” and make sure “use TLS 1.2” is checked.

How do you check if TLS 1.2 is disabled?

In the Windows menu search box, type Internet options. Under Best match, click Internet Options. In the Internet Properties window, on the Advanced tab, scroll down to the Security section. Check the Use TLS 1.2 checkbox.

How to check SSH ciphers?

You can see what ciphers you have by doing this:
  1. sudo sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"
  2. sshd -T shows full SSHD config file.
  3. nmap -vv --script=ssh2-enum-algos.nse localhost.
  4. gnutls-cli -l.
  5. ssh -Q mac.
Dec 29, 2021
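
The commands above print the configured algorithms but leave the judging to you. As an added example (not from the original page), this shell function filters `sshd -T` output down to the algorithms that match a weak-pattern policy; the function name `audit_sshd`, the pattern lists and the sample output are assumptions of this example.

```shell
#!/bin/sh
# audit_sshd: read `sshd -T` lines on stdin and print one
# "directive algorithm" line for every algorithm matching the weak patterns.
# The patterns are this example's policy (an assumption): CBC-mode and legacy
# ciphers, MD5 and 96-bit MACs, SHA-1 DH group1/group-exchange, DSA host keys.
audit_sshd() {
    awk '
    BEGIN {
        weak["ciphers"]           = "(-cbc|3des|arcfour|blowfish|cast128)"
        weak["macs"]              = "(md5|-96)"
        weak["kexalgorithms"]     = "(group1-sha1|group-exchange-sha1)"
        weak["hostkeyalgorithms"] = "ssh-dss"
    }
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        key = tolower($1)                    # sshd -T prints lowercase keys
        if (!(key in weak)) next             # directive not audited here
        n = split($2, algs, ",")             # value is a comma-separated list
        for (i = 1; i <= n; i++)
            if (algs[i] ~ weak[key]) print key, algs[i]
    }'
}

# Constructed sample of `sshd -T` output (not captured from a real host).
SAMPLE='port 22
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes256-cbc,3des-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha1-96,hmac-md5
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,ssh-dss'

# On a live host: sudo sshd -T | audit_sshd
printf '%s\n' "$SAMPLE" | audit_sshd
```

Fed the `Ciphers` line quoted earlier for /etc/ssh/sshd_config, the function reports its six `-cbc` entries, so only the three `-ctr` ciphers in that line pass this policy.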

How do I disable SSH authentication?

  1. Log into SSH.
  2. Edit the file with your favorite editor: /etc/ssh/sshd_config.
  3. Look up the variable PasswordAuthentication and change 'no' to 'yes'.
  4. Save and close the file.
  5. Run this command: service sshd reload.

How to disable SSL ciphers in Linux?

Procedure
  1. If the sslciphers.conf file does not exist, then create the file in the following locations. On Linux, the file is located in $NCHOME/etc/security/sslciphers.conf. ...
  2. Open the sslciphers.conf file. ...
  3. Within the sslciphers.conf file, depending on which cipher you must disable, edit one or more of the properties.

How to disable weak encryption SSL 2.0 and SSL 3.0 on Red Hat 7?

Resolution
  1. Make a backup of ssl.conf and edit the original. Satellite 5.2 and earlier: /etc/rhn/satellite-httpd/conf.d/ssl.conf. ...
  2. Comment out (by prefixing with "#"), or remove entries for SSLProtocol.
  3. Disable weak encryption by including the following line. SSLProtocol all -SSLv2 -SSLv3.
  4. Restart httpd:
Mar 26, 2021

How do I disable SSL static key ciphers?

The term for this is perfect forward secrecy. In summary, to disable ssl-static-key-ciphers, you will need to remove RSA from the httpd configuration. To disable ssl-static-key-ciphers, you will need to add !RSA to the httpd configuration.

How do I disable SSL conf?

Apache: How to Disable the SSL v3 Protocol
  1. Locate your SSL Protocol Configuration on your Apache server. For example, ...
  2. Add or update the following lines in your configuration: SSLProtocol all -SSLv2 -SSLv3. ...
  3. Restart Apache. For example, type the following command: ...
  4. You have successfully disabled the SSL v3 protocol.

How vulnerable is a weak cipher?

Vulnerabilities in SSL Suites Weak Ciphers is a Medium risk vulnerability that is also high frequency and high visibility. This is the most severe combination of security factors that exists and it is extremely important to find it on your network and fix it as soon as possible.

Article information

Author: Rob Wisoky

Last Updated: 01/11/2023