Ciphers – Cisco N9K

I was looking to disable hmac-sha1 on the Cisco N9K running a 9.x code version. There wasn’t a simple command to make the change. The following steps will help in removing the weak ciphers by directly editing the sshd file on the Cisco Nexus 9K platform.

(config)# feature bash-shell
n9ka1.g1-iad.qops.net(config)# run bash
bash-4.3$ sudo su root
bash-4.3# cd /isan/etc/
bash-4.3# vi dcos_sshd_config

After editing the file, save the configuration. An nmap scan should show that the weak hmac-sha1 has been removed.

nmap --script ssh2-enum-algos 10.10.10.1
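
The post does not show what to change inside the file. As an added example (not from the original post), this function rewrites the standard OpenSSH MACs directive without any hmac-sha1 variant. It assumes dcos_sshd_config uses the usual "MACs name,name,..." syntax, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the file uses the standard OpenSSH "MACs name,name,..." directive.

# strip_sha1_macs FILE: print FILE with every hmac-sha1 variant dropped from MACs.
# Exit 1: no MACs directive found (nothing to edit; OpenSSH then uses its defaults).
# Exit 2: removing SHA-1 would leave MACs empty, so the line is not emitted.
strip_sha1_macs() {
    awk '
        tolower($1) == "macs" {
            seen = 1
            n = split($2, macs, ",")
            out = ""
            for (i = 1; i <= n; i++) {
                # matches hmac-sha1, hmac-sha1-96 and their -etm@openssh.com forms
                if (macs[i] ~ /^hmac-sha1/) continue
                out = out (out == "" ? "" : ",") macs[i]
            }
            if (out == "") { empty = 1; exit }
            print "MACs " out
            next
        }
        { print }
        END { if (empty) exit 2; if (!seen) exit 1 }
    ' "$1"
}

# Constructed sample input, not the real contents of dcos_sshd_config.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'Ciphers aes256-ctr,aes128-ctr' \
    'MACs hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-sha2-512' > "$sample"
strip_sha1_macs "$sample"   # review this output before replacing the live file
rm -f "$sample"
```

Run it against a copy of the file and compare the result with the original before overwriting anything, since a broken sshd configuration can lock you out of SSH.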
