
Deprecated SSH Cryptographic settings diffie-hellman-group1-sha1

Question asked by Tarun Pahuja on Jan 15, 2020
Latest reply on Jan 15, 2020 by Mina Medel

Folks,

We have a lot of Cisco devices running fairly recent code (Nexus, IOS, Catalyst). Our Qualys network vulnerability scanner is complaining about deprecated SSH cryptographic settings and use of diffie-hellman-group1-sha1.

I have verified that the SSH settings on the devices are correct and we are using the longest key (2048 and 4096 on some devices that support it).

Any ideas how to deal with this vulnerability in Cisco infrastructure? We have opened up TAC cases and TAC has confirmed that the SSH settings are correct and we are using strong ciphers and keys.

Thanks,

Tarun
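
The algorithm named in the scanner finding is a key-exchange method, which an SSH server advertises in its SSH_MSG_KEXINIT message in a list separate from its host key algorithms and ciphers. As an added example that is not part of the original post, this Python code parses a KEXINIT payload (layout per RFC 4253, section 7.1) and reports whether that method is offered; the function names and the sample payload are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_c2s", "encryption_s2c",
    "mac_c2s", "mac_s2c",
    "compression_c2s", "compression_s2c",
    "languages_c2s", "languages_s2c",
)
# The algorithm named in the scanner finding; extend per local policy.
FLAGGED_KEX = {"diffie-hellman-group1-sha1"}


def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload into {field: [algorithm, ...]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 17  # 1 byte message type + 16 byte cookie
    result = {}
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"name-list {field} overruns payload")
        raw = payload[offset:offset + length].decode("ascii")
        result[field] = raw.split(",") if raw else []
        offset += length
    return result


def flagged_kex(payload: bytes) -> list:
    """Return offered key-exchange algorithms that are in FLAGGED_KEX."""
    return [a for a in parse_kexinit(payload)["kex_algorithms"] if a in FLAGGED_KEX]


def build_sample() -> bytes:
    """Constructed payload for the demo, not captured from a real device."""
    lists = ["diffie-hellman-group14-sha1,diffie-hellman-group1-sha1", "ssh-rsa",
             "aes256-ctr", "aes256-ctr", "hmac-sha2-256", "hmac-sha2-256",
             "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)


if __name__ == "__main__":
    print(flagged_kex(build_sample()))
```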
