Added Cisco SB SSH key exchange exemption for deprecated weak algos
This commit is contained in:
Marcel Straub
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Network architecture
|
||||
weight: 2
|
||||
weight: 1
|
||||
#bookFlatSection: false
|
||||
bookToc: true
|
||||
# bookHidden: false
|
||||
|
||||
@@ -1,16 +1,32 @@
|
||||
---
|
||||
title: Cisco Small Business Switches
|
||||
descriptions: empty description
|
||||
descriptions: Setup of a Cisco Small Business switch, mainly the SG300 and SG350XG lines.
|
||||
summary: empty summary
|
||||
weight: 2
|
||||
#weight: 2
|
||||
categories:
|
||||
- Shell
|
||||
- zsh
|
||||
- Cisco
|
||||
tags:
|
||||
- .zshrc
|
||||
- Cisco
|
||||
- SSH
|
||||
- Keys
|
||||
---
|
||||
# Caput vino delphine in tamen vias
|
||||
|
||||
## Cognita laeva illo fracta
|
||||
# SSH login with newer OpenSSH versions
|
||||
Newer SSH versions, e.g. OpenSSH 8.4p1 of Ubuntu 20.10, are more restrictive on the key exchange algorithms they allow for connecting to servers because these algorithms are weak from a todays point of view, see [OpenSSH Legacy documentation](https://www.openssh.com/legacy.html) for details. At least for my SG350X, I hope that there will be a firmware update in the future providing support of modern SSH key exchange algorithms.
|
||||
|
||||
Lorem markdownum pavent auras, surgit nunc cingentibus libet **Laomedonque que**
|
||||
Nevertheless, it's my local network and it is quite safe. So you just need to configure an exception for these hosts to use the older algorithmens. That's achieved by adding them to your ``~/.ssh/config`` file:
|
||||
```ini
|
||||
host sg300-kg-server
|
||||
KexAlgorithms +diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
|
||||
user cisco
|
||||
```
|
||||
|
||||
## Current software releases installed on my switches
|
||||
|
||||
|Hostname|Model|Installed version (build date)|Most current version|
|
||||
|--|--|--|--|
|
||||
|sg350-kg-1|SG350X-24P-K9|2.5.8.15 (2021-11-16)|2.5.8.15 (2021-11-16)| # images_tesla__hybrid...
|
||||
|sg300-kg-server|SG300-20|1.4.11.5 (2020-04-08)|1.4.11.5|
|
||||
|sg300-dg-1|SG300-10P|1.4.11.5 (2020-04-08)|1.4.11.5|
|
||||
|
||||
# Configuring SSH public key authentication
|
||||
13
content/docs/network/mikrotik-switch.md
Normal file
13
content/docs/network/mikrotik-switch.md
Normal file
@@ -0,0 +1,13 @@
|
||||
---
|
||||
title: Mikrotik Switch Setup
|
||||
descriptions: Configuration of Mikrotik switches
|
||||
summary: empty summary
|
||||
#weight: 2
|
||||
categories:
|
||||
- Cisco
|
||||
tags:
|
||||
- Cisco
|
||||
- SSH
|
||||
- Keys
|
||||
---
|
||||
# test
|
||||
Reference in New Issue
Block a user