1.6.2 Ensure 'SSH version 2' is enabled

Information

Sets the SSH version to 2.

Rationale:

SSH is an application running on top of a reliable transport layer, such as TCP/IP, that provides strong authentication and encryption capabilities. The ASA allows SSH connections to the ASA for management purposes. The ASA supports the SSH remote shell functionality provided in SSH Versions 1 and 2. However, SSH version 1 is known to be a vulnerable protocol that can be exploited by attackers.

Solution

Run the following to enable SSH version 2:

hostname(config)# ssh version 2

Default Value:

By default, the security appliance allows both SSH Version 1 and Version 2.
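An offline check over saved configurations, added here as an example and not part of the benchmark or the plugin. It assumes the setting appears in a saved configuration as a line of the form `ssh version N`, matching the command above; the device names and configuration snippets are constructed.

```python
import re

# Assumption: the setting is stored as "ssh version <n>", as in the page's command.
SSH_VERSION_RE = re.compile(r"^[ \t]*ssh[ \t]+version[ \t]+(\d+)[ \t]*$",
                            re.IGNORECASE | re.MULTILINE)

def audit_ssh_version(config_text):
    """Return (passed, reason) for one saved configuration."""
    versions = set(SSH_VERSION_RE.findall(config_text))
    if not versions:
        # Per the benchmark, the default allows both versions, so a missing line fails.
        return False, "no 'ssh version' line: default allows SSH version 1 and 2"
    if versions != {"2"}:
        return False, "ssh version set to " + ", ".join(sorted(versions))
    return True, "ssh version 2 only"

def failing_devices(configs):
    """Map device name -> failure reason for every configuration that fails."""
    failures = {}
    for name, text in configs.items():
        passed, reason = audit_ssh_version(text)
        if not passed:
            failures[name] = reason
    return failures

# Constructed sample configurations (hypothetical devices, documentation addresses).
CONFIGS = {
    "fw-a": "hostname fw-a\nssh 192.0.2.0 255.255.255.0 inside\nssh timeout 5\nssh version 2\n",
    "fw-b": "hostname fw-b\nssh 192.0.2.0 255.255.255.0 inside\nssh timeout 5\n",
    "fw-c": "hostname fw-c\nssh version 1\nssh timeout 5\n",
}

if __name__ == "__main__":
    for device, why in sorted(failing_devices(CONFIGS).items()):
        print(f"FAIL {device}: {why}")
```

The check treats a missing line as a failure because of the default stated above, so it flags devices where the setting was never applied as well as those explicitly set to version 1.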

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17, 800-53|AC-17(1), 800-53|AC-17(3), 800-53|SC-7, 800-53|SI-4, CSCv7|11.6

Plugin: Cisco

Control ID: f554ed490c635549fcbdd19b9bdd37dc1ee571d24fec5b3651bf0611467e9203