NET1647 - The network element must not allow SSH Version 1

Information

The network element must not use SSH Version 1 for administrative access.

SSH Version 1 (SSH-1) was never defined in a standard; its replacement, SSH-2, is specified in RFC 4251 through RFC 4254. SSH-1 has design flaws that no configuration can fix: its integrity check is a plain CRC-32 rather than a keyed MAC, which allows an attacker on the path to insert packets into an established session, and an attacker in the path can also push a client that accepts both versions down to SSH-1 (a man-in-the-middle downgrade). SSH-1 is therefore obsolete. Note that a server which identifies itself as "SSH-1.99" supports both versions and will still fall back to SSH-1 whenever a client asks for it, so the element must be configured to accept SSH-2 only, with the SSH-1 fallback explicitly disabled.

Solution

Configure the network element to accept SSH version 2 only, not the compatibility mode that serves both versions. On Cisco IOS this is the global configuration command "ip ssh version 2" (an RSA key pair must already exist, generated with "crypto key generate rsa"); "show ip ssh" must then report "SSH Enabled - version 2.0" rather than version 1.99, the mode that still admits SSH-1 clients.
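An independent way to verify the fix is to read the SSH identification string the device sends on connect: per RFC 4253 it begins "SSH-2.0-" for an SSH-2-only server, "SSH-1.99-" for a server that still falls back to SSH-1, and "SSH-1.x-" for SSH-1 only. The following checker is an added example, not part of the STIG or of Tenable's plugin; the sample banners are constructed for illustration (the "Cisco-1.25" software string is assumed, not taken from any specific device), and only the live probe, if you call it, touches a network.

```python
"""Classify SSH servers by the protocol version(s) their identification
string advertises, to confirm SSH-1 fallback is disabled (STIG NET1647).

Added example; not part of the STIG text or the audit plugin."""
import socket
import sys

# Constructed sample banners for offline demonstration (assumed values).
SAMPLE_BANNERS = {
    "ios_v2_only":   b"SSH-2.0-Cisco-1.25\r\n",            # compliant
    "ios_both":      b"SSH-1.99-Cisco-1.25\r\n",           # SSH-1 fallback still on
    "v1_only":       b"SSH-1.5-OpenSSH_2.9\r\n",           # SSH-1 only
    "with_preamble": b"Authorized use only.\r\nSSH-2.0-OpenSSH_9.6\r\n",
    "not_ssh":       b"HTTP/1.1 400 Bad Request\r\n",
}


def classify_ssh_banner(data: bytes) -> str:
    """Return "v2-only", "v1+v2", "v1-only", "unknown" or "not-ssh".

    RFC 4253 section 4.2 allows the server to send arbitrary lines before
    the identification string, so scan for the first line starting with
    "SSH-" instead of assuming it is the first line received.
    """
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # pre-identification banner line; ignore it
        protoversion = line[4:].split(b"-", 1)[0]
        if protoversion == b"2.0":
            return "v2-only"
        if protoversion == b"1.99":   # RFC 4253 5.1: supports both 1.x and 2.0
            return "v1+v2"
        if protoversion.startswith(b"1."):
            return "v1-only"
        return "unknown"
    return "not-ssh"


def allows_ssh1(data: bytes) -> bool:
    """True when the banner shows the server will speak SSH-1 (a finding)."""
    return classify_ssh_banner(data) in ("v1-only", "v1+v2")


def audit_banners(banners: dict) -> dict:
    """Map each sample name to its classification; convenient for reports."""
    return {name: classify_ssh_banner(b) for name, b in banners.items()}


def _have_ident_line(data: bytes) -> bool:
    # True once a complete (newline-terminated) line starting with "SSH-" is in the buffer.
    return any(l.startswith(b"SSH-") for l in data.split(b"\n")[:-1])


def probe(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Connect to host:port, read the identification string, and classify it.

    Reads until a complete SSH- line arrives or 4 KiB has been received, so a
    login preamble before the identification string does not confuse it.
    """
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        while not _have_ident_line(data) and len(data) < 4096:
            chunk = s.recv(1024)
            if not chunk:
                break
            data += chunk
    return classify_ssh_banner(data)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples, then an optional live probe.
    for name, verdict in audit_banners(SAMPLE_BANNERS).items():
        flag = "FINDING" if allows_ssh1(SAMPLE_BANNERS[name]) else "ok"
        print(f"{name:14s} {verdict:8s} {flag}")
    if len(sys.argv) > 1:
        host = sys.argv[1]
        print(f"{host}: {probe(host)}")
```

Run it with a hostname as the first argument to check a real device; anything other than "v2-only" is a finding for this rule, and "v1+v2" is the case most often missed because the device does answer SSH-2 clients correctly while still accepting SSH-1.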

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CAT|II, Rule-ID|SV-15459r4_rule, STIG-ID|NET1647, Vuln-ID|V-14717

Plugin: Cisco

Control ID: 24c425b8bf48125e3562fe424287d7cc3185751ec72b64fc625f308ee763efb0