Information
Specify the version of Secure Shell (SSH) to be run on a router.
Rationale:
SSH Version 1 has been subject to a number of serious vulnerabilities and is no longer considered to be a secure protocol, resulting in the adoption of SSH Version 2 as an Internet Standard in 2006.
Cisco routers support both versions, but due to the weakness of SSH Version 1 only the later standard should be used.
Impact:
To reduce the risk of unauthorized access, organizations should implement a security policy to review their current protocols to ensure the most secure protocol versions are in use.
Solution
Configure the router to use SSH version 2:
hostname(config)#ip ssh version 2
Default Value:
SSH is not enabled by default. When enabled, SSH operates in compatibility mode (versions 1 and 2 supported).
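Added example (not part of the benchmark text): one way to check the setting offline against a saved running-config and the first line of `show ip ssh` output. The sample inputs are constructed, the function names are hypothetical, and the script relies on IOS reporting version 1.99 while in compatibility mode and 2.0 once version 2 is enforced.

```python
import re

# Constructed sample inputs, not captured from a real device.
SAMPLE_COMPAT = """\
hostname R1
ip domain-name example.test
ip ssh time-out 60
line vty 0 4
 transport input ssh
"""
SAMPLE_FIXED = SAMPLE_COMPAT.replace(
    "ip ssh time-out 60", "ip ssh time-out 60\nip ssh version 2")


def audit_running_config(config: str) -> str:
    """Check a running-config for an explicit 'ip ssh version 2' line."""
    versions = re.findall(r"^ip ssh version (\d+)\s*$", config, flags=re.MULTILINE)
    if not versions:
        # No explicit line means the default: versions 1 and 2 both accepted.
        return "FAIL: no 'ip ssh version' line (compatibility mode when SSH is enabled)"
    if versions[-1] == "2":
        return "PASS"
    return f"FAIL: ip ssh version {versions[-1]} configured"


def audit_show_ip_ssh(output: str) -> str:
    """Classify the status line of 'show ip ssh' output."""
    m = re.search(r"^SSH (Enabled|Disabled) - version (\d+\.\d+)", output, re.MULTILINE)
    if not m:
        return "UNKNOWN: no SSH status line found"
    state, version = m.groups()
    if state == "Disabled":
        return "NOT ENABLED: SSH server is off"
    if version == "2.0":
        return "PASS"
    # 1.99 is the protocol version a server announces when it accepts both 1 and 2.
    return f"FAIL: server announces version {version}"


if __name__ == "__main__":
    print(audit_running_config(SAMPLE_COMPAT))
    print(audit_running_config(SAMPLE_FIXED))
    print(audit_show_ip_ssh("SSH Enabled - version 1.99"))
    print(audit_show_ip_ssh("SSH Enabled - version 2.0"))
```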
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1
Control ID: 2b44081f5f9e2a2db34f9d67299181b7234ac42df756c80ca07a2cb3fc9dee45