On various Cisco IOS devices this is quite easy to do:
(sample cfg)
config term
ip ssh logging events
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
!
ip access-list standard SSHACCESS
permit 10.13.1.0 0.0.0.255
permit 10.12.22.0 0.0.0.255
remark " PLACE MANAGEMENT NETWORKS HERE"
!
line vty 0 97
session-timeout 10
access-class SSHACCESS in vrf-also
exec-timeout 30 0
logging synchronous
length 0
transport input ssh
transport output none
Use the vrf-also keyword if you are running VRFs.
Run an OpenSSH client with the verbose -v switch, supply the inferior CBC ciphers, and ensure they are not allowed.
e.g. testing an ASR for support of a CBC cipher
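A scripted version of that check, as an added example that is not from the original post: it offers one CBC cipher at a time with the OpenSSH client and reads the verbose output to see whether the device refused it. The function names, the 192.0.2.10 address and the two sample output lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm a device refuses CBC ciphers by reading `ssh -v` output.
# Usage: ./cbc-check.sh <mgmt-host>   (with no argument it runs on the samples below)

CBC_CIPHERS="aes128-cbc aes192-cbc aes256-cbc 3des-cbc"

# Classify captured `ssh -v` output (read from stdin) for one offered cipher.
# Prints REJECTED, ACCEPTED or UNKNOWN.
classify() {
    cipher=$1
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'no matching cipher found'; then
        echo REJECTED
    elif printf '%s\n' "$out" | grep 'kex: server->client' | grep -q -- "$cipher"; then
        echo ACCEPTED
    else
        echo UNKNOWN   # timeout, ACL drop, cipher not built into the local client, ...
    fi
}

# Offer exactly one cipher to the host and classify what comes back.
check_cipher() {
    ssh -v -o BatchMode=yes -o ConnectTimeout=5 -o Ciphers="$2" "$1" \
        2>&1 </dev/null | classify "$2"
}

# Try every CBC cipher; return non-zero if any of them was negotiated.
audit_host() {
    rc=0
    for c in $CBC_CIPHERS; do
        result=$(check_cipher "$1" "$c")
        echo "$c: $result"
        if [ "$result" = ACCEPTED ]; then rc=1; fi
    done
    return $rc
}

# Constructed client output: a hardened device, then one still allowing CBC.
SAMPLE_REJECT='Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. Their offer: aes256-ctr,aes192-ctr,aes128-ctr'
SAMPLE_ACCEPT='debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none'

if [ "$#" -ge 1 ]; then
    audit_host "$1"
else
    printf '%s\n' "$SAMPLE_REJECT" | classify aes128-cbc
    printf '%s\n' "$SAMPLE_ACCEPT" | classify aes128-cbc
fi
```

UNKNOWN means the test proved nothing for that cipher, so check reachability from a permitted management network and run `ssh -Q cipher` to see which ciphers the local client can offer.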
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \