Disable Weak SSH and SSL Ciphers on Cisco IOS

It amazes me how many network vendors still release software with weak ciphers enabled. Cisco is no exception to this. Any time you enable remote access to a device, job 1 is to lock it down and perform any hardening you can.

In this tutorial I will explain how to disable insecure SSH and SSL ciphers on Cisco IOS, IOS-XE, and IOS-XR switches and routers. In the simplest terms, you need to:

  • Upgrade IOS for better crypto
  • Disable the old SSH v1 protocol
  • Remove weak ciphers and mac algorithms for SSH from config
  • Generate stronger keys
  • Remove weak ciphers for SSL from config
  • Disable TLS 1.0 and 1.1

Let’s get started.

Securing SSH ciphers on Cisco IOS switches and routers – step-by-step

Step 1. Update IOS

The first step is to make sure you update IOS. Several of the SSH and SSL cipher commands used in this guide were only introduced starting in Cisco IOS 15.5(2)S, Cisco IOS XE 3.15S, Cisco IOS XE Everest 16.5.1b, and Cisco IOS XE Amsterdam 17.3. If you run a command in this guide and it doesn't work, you probably need to update your code.

Step 2. Check current SSH settings

First, let’s look at the default SSH setup:

show ip ssh
SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1676064512
Ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC4b+fs2erCMy4KKX/Vq9NwEFcKWCcFQodjTIbaLKgMjxkpMUyAkOVQ3RypQzFK1sfx
wHspap+mPAl7i9wyVPcoj0SAvlCTgMTa6oOAtZsxpGOoh8kPFYKtm5RWu/lFvbNhSPrfmxAHwPBGhCjMLbOSVut19KSGizLD138OIgjI
ew==

This shows:

  • SSH version 1.99 enabled (supports v1 and v2)
  • Weak ciphers like 3des-cbc
  • Weak hmac algorithms like hmac-sha1

To avoid failing a pen test, we need to disable SSH v1 and remove the weak aes-cbc and 3des ciphers and the hmac-sha1 algorithms.

Step 3. Disable SSH v1

SSH v1 is insecure and should be disabled. Enter the following command:

ip ssh version 2

Step 4. Remove weak SSH ciphers

Remove the weak CBC and 3DES algorithm encryption ciphers. Enter the following command:

ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

Remove the weak mac algorithms. Enter the following commands:

ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-512
no ip ssh server algorithm mac hmac-sha1
no ip ssh server algorithm mac hmac-sha1-96

Step 5. Generate stronger keys

Once the weak ciphers are removed, we want to harden SSH further. Let's generate 4096-bit RSA keys for better security. Enter the following commands:

crypto key generate rsa modulus 4096 label SSHKEYS
ip ssh rsa keypair-name SSHKEYS

Let's also raise the minimum Diffie-Hellman key size the server will accept from clients:

ip ssh dh min size 2048

Step 6. Verify the changes

Now we need to verify the new secure SSH settings. Let’s do a show ip ssh again:

show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes256-ctr,aes192-ctr,aes128-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): SSHKEYS
Modulus Size : 4096 bits
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC4b+fs2erCMy4KKX/Vq9NwEFcKWCcFQodjTIbaLKgMjxkpMUyAkOVQ3RypQzFK1sfx
wHspap+mPAl7i9wyVPcoj0SAvlCTgMTa6oOAtZsxpGOoh8kPFYKtm5RWu/lFvbNhSPrfmxAHwPBGhCjMLbOSVut19KSGizLD138OIgjI
ew==

Now we see SSH v1 is disabled and the weak ciphers and HMACs have been removed. Note that the key exchange (KEX) algorithms in this output are still the SHA-1 variants; check whether your IOS release lets you restrict those as well. In our guide on configuring SSH on Cisco IOS devices we listed some additional SSH hardening you can take advantage of too.

Securing SSL ciphers on Cisco IOS switches and routers – step-by-step

Step 1. Check current SSL configuration

Let’s go ahead and verify the current SSL configuration:

show ip http server all
HTTP server status: Disabled
HTTP server port: 80
HTTP server authentication method: local
HTTP server access class: 0
HTTP server base path: flash:/
HTTP server help root:
Maximum number of concurrent server connections allowed: 16
Maximum number of secondary server connections allowed: 5
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Server session idle time-out: 180 seconds
Maximum number of requests allowed on a connection: 25
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite:  dhe-aes-128-cbc-sha dhe-aes-256-cbc-sha
        edche-rsa-aes-256-cbc-sha edche-rsa-rc4-128-sha
HTTP secure server TLS version: TLSv1.2 TLSv1.1 TLSv1.0
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL

We can see dhe-aes-128-cbc-sha and edche-rsa-rc4-128-sha are enabled, as are TLSv1.1 and TLSv1.0. Not great.

Step 2. View available cipher suites

Now let's see what cipher suites are available:

ip http secure-ciphersuite ?
  aes-128-cbc-sha            Encryption type tls_rsa_with_aes_cbc_128_sha ciphersuite
  aes-256-cbc-sha            Encryption type tls_rsa_with_aes_cbc_256_sha ciphersuite
  dhe-aes-128-cbc-sha        Encryption type tls_dhe_rsa_with_aes_128_cbc_sha ciphersuite
  edche-rsa-aes-256-cbc-sha  Encryption type tls_ecdhe_rsa_aes_256_cbc_sha ciphersuite

This shows that every cipher suite the platform offers is currently enabled.

Step 3. Remove weak SSL ciphers

Remove the crappy ciphers by setting only the approved cipher suites. Enter the following command:

ip http secure-ciphersuite edche-rsa-aes-256-cbc-sha aes-256-cbc-sha

Step 4. View available TLS versions

Now let’s check what TLS versions are available:

ip http tls-version ?
  TLSv1.0  Set TLSv1.0 version Only
  TLSv1.1  Set TLSv1.1 version Only
  TLSv1.2  Set TLSv1.2 version Only

Step 5. Disable weak TLS (TLS 1.0 and 1.1)

TLS 1.0 and 1.1 are no good. If these are left enabled you will definitely fail a pen test. Since TLS 1.2 is available, we need to disable them. Enter the following command:

ip http tls-version tlsv1.2

Step 6. Verify the changes

Now we need to verify the new secure SSL settings. Let's run 'show ip http server all' again:

sh ip http server all

HTTP server status: Disabled
HTTP server port: 80
HTTP server authentication method: local
HTTP server access class: 0
HTTP server base path: flash:/
HTTP server help root:
Maximum number of concurrent server connections allowed: 16
Maximum number of secondary server connections allowed: 5
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Server session idle time-out: 180 seconds
Maximum number of requests allowed on a connection: 25
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite:  edche-rsa-aes-256-cbc-sha aes-256-cbc-sha
HTTP secure server TLS version: TLSv1.2
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL

Now only TLS 1.2 is enabled with a secure AES cipher suite.
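As an added audit check (not part of the original guide), the following Python script parses the 'show ip ssh' output from the SSH section and the 'show ip http server all' output from the SSL section and reports anything that departs from the end state this guide configures. The sample output it runs over is constructed from the "before" output shown above; the approved sets are exactly the ciphers, MACs, suites and TLS version the guide leaves enabled.

```python
import re
# Constructed samples modelled on the guide's "before" output (not captured from a real device).
SSH_BEFORE = """SSH Enabled - version 1.99
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512
Minimum expected Diffie Hellman key size : 1024 bits"""
HTTP_BEFORE = """HTTP secure server status: Enabled
HTTP secure server ciphersuite:  dhe-aes-128-cbc-sha dhe-aes-256-cbc-sha
        edche-rsa-aes-256-cbc-sha edche-rsa-rc4-128-sha
HTTP secure server TLS version: TLSv1.2 TLSv1.1 TLSv1.0"""

APPROVED = {  # exactly the values this guide leaves configured
    "Encryption Algorithms:": {"aes256-ctr", "aes192-ctr", "aes128-ctr"},
    "MAC Algorithms:": {"hmac-sha2-256", "hmac-sha2-512"},
    "HTTP secure server ciphersuite:": {"edche-rsa-aes-256-cbc-sha", "aes-256-cbc-sha"},
    "HTTP secure server TLS version:": {"TLSv1.2"}}

def unfold(output):
    """Join indented continuation lines (IOS wraps long cipher lists) onto the line above."""
    return re.sub(r"\n[ \t]+", " ", output)

def field(text, label):  # value following `label` on its line, '' if the line is absent
    m = re.search(re.escape(label) + r"\s*(.*)", text)
    return m.group(1).strip() if m else ""

def unapproved(text, label, sep=None):
    """Items on the `label` line that are not in the approved set for that label."""
    value = field(text, label)
    return [item for item in (value.split(sep) if value else []) if item not in APPROVED[label]]

def audit_ssh(output):
    """Findings for `show ip ssh`; an empty list means it matches the guide's end state."""
    text, findings = unfold(output), []
    if field(text, "SSH Enabled - version") != "2.0":
        findings.append("ssh version is not 2.0 (SSHv1 still negotiable)")
    findings += [f"cipher {c} not approved" for c in unapproved(text, "Encryption Algorithms:", ",")]
    findings += [f"mac {m} not approved" for m in unapproved(text, "MAC Algorithms:", ",")]
    dh = field(text, "Minimum expected Diffie Hellman key size :")
    if dh and int(dh.split()[0]) < 2048:
        findings.append(f"dh minimum of {dh} is below 2048 bits")
    return findings

def audit_https(output):
    """Findings for `show ip http server all`; a disabled HTTPS server needs no cipher checks."""
    text = unfold(output)
    if field(text, "HTTP secure server status:") != "Enabled":
        return []
    return ([f"tls suite {s} not approved" for s in unapproved(text, "HTTP secure server ciphersuite:")]
            + [f"{v} should be disabled" for v in unapproved(text, "HTTP secure server TLS version:")])
```

Paste the real output of both show commands into the two strings (or read them from files) and an empty list from each function means the device matches the hardened state from this guide.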

You can also regenerate the self-signed certificate with a stronger signature algorithm like SHA-256.

Of course, if you don’t need the web interface for admin of your device, you would be better off just disabling it using the ‘no ip http server’ command. It’s not good security to leave services enabled that you don’t use even if they are hardened.

As always, make sure to save your config (write mem or copy run start) when you’re finished.
