Hubbard on Networking: SSH

Showing posts with label SSH. Show all posts

Sunday, June 21, 2020

Disable Weak SSH/SSL Ciphers in Cisco IOS

For backward compatibility, most companies still ship deprecated, weak SSH, and SSL ciphers. Cisco is no exception. For the security of your network and to pass a penetration test you need to disable the weak ciphers, disable SSH v1 and disable TLS versions 1.0 and 1.1.

Firefox, Chrome and Microsoft all have committed to dropping support for TLS1.1. Firefox had actually done it in May 2020 but so many US Government sites quit working (during the Covid19 Hysteria) that they rolled back. Microsoft has set July 2020 to remove TLS 1.0/1.1 from IE, Edge Legacy, and Edge Chromium.

This blog covers Cisco IOS software. I plan to do another blog on IOS-XE and Nexus in the future.

Cisco has this document listing the Next Generation Encryption that is supported.

For IOS-XE, this document has a lot of detail. Search for "ip ssh"

SSH

Network device manufacturers (all of them I think) enabling SSH v1 by default really bothers me. Most Windows users connect with Putty which supports SSH v2. You should set Putty to default to SSH V2:

MAC/Linux users will be using OpenSSh which also supports SSH V2. You may run into situations on MAC/Linux where the weak ciphers are used and OpenSSH won't connect.

You will see a message similar to

ssh mhubbard@10.20.1.7
Unable to negotiate with 10.20.1.7 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

This is easy to resolve:

1. Open the SSH config file - gedit ~/.ssh/config
2. Add the necessary host IP and ciphers. KEX is Key Exchange:
        host 10.20.1.7
              KexAlgorithms +diffie-hellman-group1-sha1
              Ciphers 3des-cbc

On a really old switch, I ran into a host key exchange algorithm that I had never even heard of "ssh-dss". I had to add HostKeyAlgorithms=+ssh-dss to connect.

If you will only log into this device once or twice you can use the following without modifying the SSH config file:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 10.20.1.7

You can use the "-G" switch and SSH will show you the ciphers that SSH is offering:

ssh -G mhubbard@10.20.1.7

The OpenSSH site has a page dedicated to legacy ciphers
openssh legacy ciphers

Removing weak SSH algorithms

All of the commands shown are from a 2960x running:
Version 15.2(4)E8 - Mainstream deployment (MD) from 18-Mar-2019

First, let's look at the default SSH setup

show ip ssh

SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbcc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1676064512
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCjsPhP/zpPgra0d3wzzt8fDZnKL4sUtCh0DVmV0fH6
m+/Xke7IRMvxg2OEk333uHlKD+Ww6w8D2eMOzY7/R6edHA4UtKXwohJN1OZKS1ltL4tDSZSIeLO3juOL
GfxKBtvGd30Y2jzYYMmTQGP9u1VrKdQRKAU13/c+iOiQPi3Q4w==

The "version 1.99" means that it supports SSH v1 and v2. We want to disable v1 and remove the cbc and 3Des ciphers. These are "Cipher Block Chain" algorithms and will cause a failure during a penetration test.

From global configuration mode enter the following:

ip ssh version 2 !disable V1

ip ssh server algorithm encryption aes256-ctr aes128-ctr

ip ssh server algorithm mac hmac-sha1

no ip ssh server algorithm mac hmac-sha1-96

You should also perform the following to harden SSH

crypto key generate rsa modulus 4096 label SSH-KEYS

!Note that generating 4096 bit keys can take up to 3 minutes.

ip ssh rsa keypair-name SSH-KEYS !associate keys to SSH

!set minimum bit size for client connection                                

ip ssh dh min size 2048

Let's see what SSH looks like now:

show ip ssh

SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
ip ssh server algorithm encryption aes256-ctr aes128-ctr
MAC Algorithms:hmac-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): SSH-KEYS
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5KQxmPn8tyfK+9fq6NC75whEQD02POopz9SE/SKeP
ibO8KM7kSVdwy7anUhmgiX5jGmpecTFoP+txdA+KuEszAL5x8aeNZsPAykqBU6JClIz3fnMKjgoIqFlZ
mwhL0Qow4OGrd52EkRNRxAc2TYpBr5p0ICdaxeHd7etzgXjkwcZpQ1e2kqvV9XU94LBO1R93AgYYLCsT
nFsKga4tvvikXqKuwe3tfWKzNfO4LY1mZE9FXecoNW0Kb8p4U/pO/w69oEbHmmH7BfgWSHCCVZlgBhcf
DtJa+oVnqHrMwVza+ViTMQLghvt63zewvTN2I235K6W+GhgUmx6p+Q62Rsrfrc+4K5ECVKNf7fzmlg6X
Zs+P3WKgP8rh2z7ObTT917pp1VXw4pUkeqCCtMEmkiICO0TzU1dXyuoEPNGeES8wxYOSdaMA0DGEL34p
Ccb6hb1RQbHjSjQZfDOXaZ0UwXtVJ07v7PR7fOhFHem58w2P+qmCwnEYFZrZhizR1y1SUDxs6Z7vZV98
cyoTo98dWG4WDGiHM1loLq3SA3OMfceq5g2waPVBNmpZlzXitCTern1bZ15zdLvhxY1589A/TaSZuMeP
lhjQ1mlYp3qf0Jt7eoaWNPRV/i0VUaRfxNBefiNBI5pS8ybj3bhfWpZe8QOOMAHRahAPPI9PasOBuMHR

In 2020, this is still pretty lame, but keep reading! Cisco has been adding newer ciphers and removing some deprecated ciphers in newer IOS versions. You can check what's available on your version using:

test(config)#ip ssh server algorithm encryption ?

3des-cbc Three-key 3DES in CBC mode
aes128-cbc AES with 128-bit key in CBC mode
aes128-ctr AES with 128-bit key in CTR mode
aes192-cbc AES with 192-bit key in CBC mode
aes192-ctr AES with 192-bit key in CTR mode
aes256-cbc AES with 256-bit key in CBC mode
aes256-ctr AES with 256-bit key in CTR mode

test(config)#ip ssh server algorithm mac ?

hmac-sha1 HMAC-SHA1 (digest length = key length = 160 bits)
hmac-sha1-96 HMAC-SHA1-96 (digest length = 96 bits, key length = 160 bits)

If you look at Authentication in the output you notice that Public key is an option. I wrote a blog showing how to use SSH keys instead of passwords -
Authenticating to Cisco devices using SSH keys

Weak SSL ciphers

First, we will look at the current secure server settings. To see all possible secure server settings:

sh ip http server

all             HTTP server all information
connection      HTTP server connection information
external        HTTP external registration
history         HTTP server history information
secure          HTTP secure server status information
session-module HTTP server application session module information
statistics      HTTP server statistics information
status          HTTP server status information

sh ip http server all

HTTP server status: Disabled
HTTP server port: 80
HTTP server authentication method: local
HTTP server access class: 0
HTTP server base path: flash:/c2960x-universalk9-mz.152-4.E8/html
HTTP server help root:
Maximum number of concurrent server connections allowed: 16
Maximum number of secondary server connections allowed: 5
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Server session idle time-out: 180 seconds
Maximum number of requests allowed on a connection: 25
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: dhe-aes-128-cbc-sha dhe-aes-256-cbc-sha
edche-rsa-aes-256-cbc-sha edche-rsa-rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL

To see who is connected to the switch over TLS:

sh ip http server connection

HTTP server current connections:
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes
192.168.10.31:443 192.168.10.211:55014 1394 586227

Viewing available current cipher suites

ip http secure-ciphersuite ?

aes-128-cbc-sha            Encryption type tls_rsa_with_aes_cbc_128_sha
                             ciphersuite
aes-256-cbc-sha            Encryption type tls_rsa_with_aes_cbc_256_sha
                             ciphersuite
dhe-aes-128-cbc-sha        Encryption type tls_dhe_rsa_with_aes_128_cbc_sha
                             ciphersuite
dhe-aes-256-cbc-sha        Encryption type tls_dhe_rsa_with_aes_256_cbc_sha
                             ciphersuite
edche-rsa-aes-256-cbc-sha Encryption type tls_ecdhe_rsa_aes_256_cbc_sha
                             ciphersuite
edche-rsa-rc4-128-sha      Encryption type tls_ecdhe_rsa_rc4_128_sha
                             ciphersuite
null-sha                   Encryption type tls_rsa_with_null_sha ciphersuite

Notice that rc4 and Null are supported!

To verify what was being offered by the switch I ran the nmap ssl-cert and ciphers script.

sudo nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.10.31

Nmap scan report for 10.241.3.40
Host is up, received echo-reply ttl 254 (0.10s latency).
Scanned at 2020-06-18 15:28:06 PDT for 3s

PORT     STATE SERVICE       REASON
443/tcp open   https         syn-ack ttl 254
| ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-1302447744
| Issuer: commonName=IOS-Self-Signed-Certificate-1302447744
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2020-06-16T22:55:16
| Not valid after: 2030-01-01T00:00:00
| MD5:   c522 61ff 31c4 c9aa 971d 7cfd 4eb7 14de
| SHA-1: 50fb 7c7d d6a8 86c0 ba67 1293 11d7 f529 058e e1de
| -----BEGIN CERTIFICATE-----
| MIICKzCCAZSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMS8wLQYDVQQDEyZJT1Mt
| U2VsZi1TaWduZWQtQ2VydGlmaWNhdGUtMTMwMjQ0Nzc0NDAeFw0yMDA2MTYyMjU1
| MTZaFw0zMDAxMDEwMDAwMDBaMDExLzAtBgNVBAMTJklPUy1TZWxmLVNpZ25lZC1D
| ZXJ0aWZpY2F0ZS0xMzAyNDQ3NzQ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
| gQDCgxwOBYowFY7GgS3Q81u6CRTzcaEb2SwZvzSsjTLmHPqrB7OYgGukAgs19+Xa
| 8jRS3jY4Q492RtpyBAb4BU9naHXRKvD2zB5e9QDreeFOf73If6f8V/BtjqSozYZW
| N0RPpgqIWVbgQbkr1eBbnXgE1/TO7czYcjae/OTSZwQL1QIDAQABo1MwUTAPBgNV
| HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFDL08Ihv1OFKYBqkbHJ5wpXt3G7IMB0G
| A1UdDgQWBBQy9PCIb9ThSmAapGxyecKV7dxuyDANBgkqhkiG9w0BAQUFAAOBgQCH
| GxSZ29CUBrvCkDU4knDw9WmdLKqgMl88+dpZmOO758+o4B8lMT0f+Ixny7drFIJ7
| rrkhrqpCHnLDJtXYcINiaKASs3tPIpQ21nQ1r5WTdW8GqaTVcOBIFG0KWlJGVmsF
| RepCnGblGV/3mrUWImNU8xwY+uZS2vAFKAVXYVLk5w==
|_-----END CERTIFICATE-----
| ssl-enum-ciphers:
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Weak certificate signature: SHA1
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Weak certificate signature: SHA1
|_ least strength: A
465/tcp closed smtps         reset ttl 254
993/tcp closed imaps         reset ttl 254
995/tcp closed pop3s         reset ttl 254
3389/tcp closed ms-wbt-server reset ttl 254

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:28
Completed NSE at 15:28, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 2.71 seconds
           Raw packets sent: 9 (372B) | Rcvd: 6 (232B)

To secure TLS I upgraded to 15.2.7E2. This release allows TLS 1.0 and 1.1 to be disabled. To pass a penetration test you will need to disable both. Once the upgrade is complete run the following:

test(config)#ip http secure-ciphersuite ?

aes-128-cbc-sha            Encryption type tls_rsa_with_aes_cbc_128_sha ciphersuite
aes-256-cbc-sha            Encryption type tls_rsa_with_aes_cbc_256_sha ciphersuite
dhe-aes-128-cbc-sha        Encryption type tls_dhe_rsa_with_aes_128_cbc_sha ciphersuite
edche-rsa-aes-256-cbc-sha Encryption type tls_ecdhe_rsa_aes_256_cbc_sha ciphersuite

test(config)#ip http secure-ciphersuite edche-rsa-aes-256-cbc-sha aes-256-cbc-sha

test(config)#ip http tls-version ?

TLSv1.0 Set TLSv1.0 version Only
TLSv1.1 Set TLSv1.1 version Only
TLSv1.2 Set TLSv1.2 version Only

test(config)#ip http tls-version tlsv1.2

To verify, I re-ran the nmap ssl-cert and ciphers scripts. This time only TLS 1.2 is enabled.

sudo nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.10.31

Nmap scan report for 192.168.10.31
Host is up, received echo-reply ttl 254 (0.0072s latency).
Scanned at 2020-06-18 15:50:03 PDT for 3s

PORT    STATE SERVICE REASON
443/tcp open https   syn-ack ttl 254
| ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-1302447744
| Issuer: commonName=IOS-Self-Signed-Certificate-1302447744
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2020-06-16T22:55:16
| Not valid after: 2030-01-01T00:00:00
| MD5:   c522 61ff 31c4 c9aa 971d 7cfd 4eb7 14de
| SHA-1: 50fb 7c7d d6a8 86c0 ba67 1293 11d7 f529 058e e1de
| -----BEGIN CERTIFICATE-----
| MIICKzCCAZSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMS8wLQYDVQQDEyZJT1Mt
| U2VsZi1TaWduZWQtQ2VydGlmaWNhdGUtMTMwMjQ0Nzc0NDAeFw0yMDA2MTYyMjU1
| MTZaFw0zMDAxMDEwMDAwMDBaMDExLzAtBgNVBAMTJklPUy1TZWxmLVNpZ25lZC1D
| ZXJ0aWZpY2F0ZS0xMzAyNDQ3NzQ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
| gQDCgxwOBYowFY7GgS3Q81u6CRTzcaEb2SwZvzSsjTLmHPqrB7OYgGukAgs19+Xa
| 8jRS3jY4Q492RtpyBAb4BU9naHXRKvD2zB5e9QDreeFOf73If6f8V/BtjqSozYZW
| N0RPpgqIWVbgQbkr1eBbnXgE1/TO7czYcjae/OTSZwQL1QIDAQABo1MwUTAPBgNV
| HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFDL08Ihv1OFKYBqkbHJ5wpXt3G7IMB0G
| A1UdDgQWBBQy9PCIb9ThSmAapGxyecKV7dxuyDANBgkqhkiG9w0BAQUFAAOBgQCH
| GxSZ29CUBrvCkDU4knDw9WmdLKqgMl88+dpZmOO758+o4B8lMT0f+Ixny7drFIJ7
| rrkhrqpCHnLDJtXYcINiaKASs3tPIpQ21nQ1r5WTdW8GqaTVcOBIFG0KWlJGVmsF
| RepCnGblGV/3mrUWImNU8xwY+uZS2vAFKAVXYVLk5w==
|_-----END CERTIFICATE-----
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Weak certificate signature: SHA1
|_ least strength: A

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:50
Completed NSE at 15:50, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 2.99 seconds
           Raw packets sent: 5 (196B) | Rcvd: 2 (72B)

Results

You can see that it still uses SHA1 as the certificate signature. You can use Ciphersuite Info to compare different ciphers.

What about SSH?

Let's see what's new for SSH in 15.7.2E2.

ip ssh server algorithm mac ?

hmac-sha1      HMAC-SHA1 (digest length = key length = 160 bits)
hmac-sha1-96   HMAC-SHA1-96 (digest length = 96 bits, key length = 160 bits)
hmac-sha2-256 HMAC-SHA2-256 (digest length = 256 bits, key length = 256
                 bits)
hmac-sha2-512 HMAC-SHA2-512 (digest length = 512 bits, key length = 512
                 bits)

ip ssh serv algorithm encryption ?

ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-512

Then remove the sha1 hmacs

no ip ssh server algorithm mac hmac-sha1
no ip ssh server algorithm mac hmac-sha1-96

And now the encryption

ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

The results

show ip ssh

SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes256-ctr,aes192-ctr,aes128-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): SSH-KEYS
Modulus Size : 4096 bits
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCsyuZ8/lMCNHSLREb6vGQoBVehYQQI0+eJlanuyq5
f+iTqFcceR7vvXP14JhHmXe2lkygOZ8VIeilMJkpS8q748TaBL9QfmUAdDkbbk1wYPNKM2sLn/ACuerf
ImNa4vQFNaP28zqaCMhre/Z0DCRJvDnOXs2fepQnQZ6ZvbOgwMRw6rvTiLcPYlB46VlaS6T1ogEbsPLz
HG1e2UeGOnxyIU9j99+sUq3h5omoxtOd33c7ygyBgghBm+G4rHoD4EsJmejK2/Ai1PsjHIN16EaTAB0Y
MiIFByAYr4/Hr+6ANejxDrFpeY3DDBTvXIcES3S+C/Ch6JEoFVfHufc5ni8OReE7KQhrBctNfhoXvFRO
wITNNyyu/jk1LLDTaLFbL/auw/eXGXlXXerWRFY6HvmAbQannl9wryvy97Hm4LJVO+DtTspwvw4IKrQT
HDMdyXvTI6RMjIlGb/7hiUeFb33wx7sw/DwkgjyUCWh8R8nCEoLfpz7qOchW2/WSj+608m62Eh6WDy5q
qkDpstQRD7AbE2OBtiuYgYJaNJfZ1qhIQXlvtQCTgRRS2TvInnoGg+STD2+lWR5WufgKEO778tNDXt3H
YRSdD2N1YcjXG+y0hB/xjvWSoMkr+G2Btxtm8QPgvXQRe9aFU/kALMBKBJ6Q+rDXr2QbyA7zpDudkAn3

Security Header Enhancements

For IOS-XE devices, starting with 16.4.1, the Nginx/HTTP headers have the following settings for increased security:

Nginx – Web user interface -

Nginx applications take care of the headers for their response. As Web UI is one of the NginX application, it adds the security headers.

The three headers are the following:

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

Do the same thing to your Linux Servers

There is a good chance your organization is running some Linux servers. Out of the box, CentOS/Ubuntu will have several weak ciphers. It's very easy to correct that but you will need root privileges.

First, we will check what ciphers your server is offering. If the server has a public IP address you can go to https://sshcheck.com and enter the FQDN or the IP address. You will get back a comprehensive report back with suggestions on which items should be disabled.

If the server is internal you can use nmap's ssh-enum script:

sudo nmap --script ssh2-enum-algos 192.168.10.239

This will return a list of the crypto offered by your server.

Update the sshd config file

The sshd config file is located at /etc/ssh. We need to open it and add the suites we want. First we will make a backup copy.

sudo cd /etc/ssh
sudo cp sshd_config sshd_config.bak
sudo nano sshd_config

Add the following (Make sure these fit your company's security policies)
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256

KexAlgorithms diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,curve25519-sha256,curve25519-sh$

You can add these anywhere. I put them just below the section
"# Ciphers and keying".

Press ctrl+x, enter Y to save the file and enter to complete.

You can use

sudo sshd -t

to verify the changes. If there are no mistakes in the configuration file nothing will be displayed. If there are errors you get a message with the line number where the error occurred.

You can use

sshd -T

to dump the current ssh configuration.

Now we just need to restart the ssh daemon;

sudo systemctl restart sshd

Check your work

Refresh the sshcheck page or rerun nmap. You should see just the cipher suites you entered. Here is nmap against my server:

nmap --script ssh2-enum-algos -sV -p22 hubbardonnetworking.com

References

Putty SSH V2
SSH Algorithms for Common Criteria Certification
Cisco IOS HTTP Services Command Reference

HTTP Services Configuration Guide, Cisco IOS XE Fuji 16.9.x
How do I disable cbc mode ciphers
Next Generation Cryptography
tls ssl cipher hardening
OWASP cheatsheets TLS_Cipher_String
ciphersuite strength
The standard reference on SSH, newly revised and updated!

@rikosintie

Michael earned his first IT certification, a Novell Certified Netware Engineer (CNE) in 1993. Michael then focused on the Microsoft MCSE credential, studied database design, and wrote several Visual Basic programs to automate production at a manufacturing company. In 2000 he earned the Cisco CCNA. Since then, Michael has earned Cisco’s security certification, Aruba’s switching certification, and the LPI’s Linux Essentials certification.

Thursday, March 17, 2016

Upgrading Cisco IOS XE switches

IOS XE based switches like the 3850 series are Linux based. Compared to a 3750 switch where the tar file was under 15MB the 3850s have HUGE files. On the order of 300MB or 20 times the size of the 3750. Since the image is so large Cisco doesn't recommend using tftp to copy the image over. Here is the method TAC gave me and it has worked successfully on every switch I have used it on.

The switches can run in Bundle or install mode. Install mode is the recommended and is the method discussed in this blog.

Downloading the file

Log into Cisco.com's support site with your CCO credentials and search for the IOS XE file. Once you find the file click on the file name and copy the MD5 checksum value. You can drag your mouse over the hash to select it and then ctrl+c to copy it. We will need that to verify the file after we copy it to flash.

In our case - MD5 Checksum: 5fa29c3d9df48f882f4d6439b81bc2ce

Using SCP

I wrote a blog on using SCP a while back. You can refer to it for more detail if needed Using SCP to transfer files. On MAC/Linux SCP is built in.

On windows you will need to download an SCP tool. Since I use SuperPutty when I'm on Windows the Putty version of SCP (PSCP) is what I use. You can download it here. No install is required for PSCP and I saved it to my downloads folder.

If you prefer a GUI, WinSCP is a free open source graphical program for Windows.

On the switch, from global configuration mode, add "ip scp server enable" to enable SCP. You will need to be running a "K9" firmware version to use SCP. You can do a "sh ver | i K9" to determine if the switch is running a crypto image. Here is an example:

My-3850#sh ver | i K9
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.06.04.E RELEASE SOFTWARE (fc2)
Hubbard_Test#

You will need the following information to copy the file:
IP Address of the switch - 10.140.68.110
Username and password of a user on the switch - mhubbard / mW!yV1s^L1Bx
The filename to copy - cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin

Once the download is complete open a cmd window, CD to the folder where you saved pscp and enter:
pscp -scp -pw mW!yV1s^L1Bx C:\tftp-root\cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin mhubbard@10.140.68.110:flash:cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin

pw - this is the password for the user. In this case mW!yV1s^L1Bx for user mhubbard
mhubbard@10.140.68.110 - mhubbard is the user on the switch and 10.140.68.110 is the IP

You will get some feedback on how fast the copy is going and a percent complete counter.
cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin | 8784 kB | 798.5 kB/s | ETA: 00:06:35 | 2%

If SCP isn't enabled on the switch you will receive this message:
Administratively disabled.
Fatal: Received unexpected end-of-file from server

Copy switch to switch

If one switch already has the firmware on it you can use SCP to copy the image to anohter switch:

My-3850#copy scp: flash:
Address or name of remote host [10.140.68.247]?
Source username [mhubbard]?
Source filename [cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin]?
Destination filename [cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin]?

Verifying the copy

This is the key step! Once the copy is complete log onto the switch and run a dir of flash:

My-3850#dir
Directory of flash:/

40402 -rwx 2097152 Mar 16 2016 16:58:43 -07:00 nvram_config
40403 -rw- 2574 Oct 24 2014 04:58:09 -07:00 aup.html
40404 -rw- 344 Oct 24 2014 04:58:09 -07:00 failed.html
40405 -rw- 4082 Oct 24 2014 04:58:09 -07:00 login.html
40406 -rw- 318 Oct 24 2014 04:58:09 -07:00 loginscript.js
40407 -rw- 1116 Oct 24 2014 04:58:09 -07:00 logout.html
40408 -rw- 70123 Oct 24 2014 04:58:10 -07:00 yourlogo.jpg
40409 -rw- 2846 Oct 24 2014 04:58:09 -07:00 consent.html
40410 -rw- 984 Mar 15 2016 19:18:26 -07:00 vlan.dat
40418 -rw- 1234 Oct 24 2014 04:27:48 -07:00 packages.conf.00-
48483 -rw- 82653508 Dec 30 2014 19:27:39 -08:00 cat3k_caa-base.SPA.03.06.01E.pkg
40419 -rw- 1236 Dec 30 2014 19:27:48 -08:00 packages.conf
72722 drwx 4096 Oct 24 2014 04:28:16 -07:00 mnt
40412 -rw- 82672260 Oct 24 2014 04:27:36 -07:00 cat3k_caa-base.SPA.03.06.00E.pkg
40413 -rw- 6601404 Oct 24 2014 04:27:36 -07:00 cat3k_caa-drivers.SPA.03.06.00E.pkg
40414 -rw- 33747948 Oct 24 2014 04:27:36 -07:00 cat3k_caa-infra.SPA.03.06.00E.pkg
40415 -rw- 42769724 Oct 24 2014 04:27:37 -07:00 cat3k_caa-iosd-universalk9.SPA.152-2.E.pkg
40416 -rw- 25711500 Oct 24 2014 04:27:37 -07:00 cat3k_caa-platform.SPA.03.06.00E.pkg
40417 -rw- 98462528 Oct 24 2014 04:27:37 -07:00 cat3k_caa-wcm.SPA.10.2.102.0.pkg
72723 drwx 4096 Feb 20 2016 17:09:01 -08:00 dc_profile_dir
48484 -rw- 6625980 Dec 30 2014 19:27:39 -08:00 cat3k_caa-drivers.SPA.03.06.01E.pkg
48485 -rw- 33749996 Dec 30 2014 19:27:39 -08:00 cat3k_caa-infra.SPA.03.06.01E.pkg
48486 -rw- 42827072 Dec 30 2014 19:27:39 -08:00 cat3k_caa-iosd-universalk9.SPA.152-2.E1.pkg
64644 -rw- 25727884 Dec 30 2014 19:27:39 -08:00 cat3k_caa-platform.SPA.03.06.01E.pkg
64645 -rw- 99240768 Dec 30 2014 19:27:40 -08:00 cat3k_caa-wcm.SPA.10.2.111.0.pkg
40411 -rw- 302988468 Mar 16 2016 18:03:48 -07:00 cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin

The file is in flash and the size, time/date stamp looks correct.

Now run the MD5 verify command. A lot of dots will scroll by before it completes, I truncated all but one row!

verify /md5 cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin
.............................................................................................................................................................
.........................Done!
verify /md5 (flash:cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin) = 5fa29c3d9df48f882f4d6439b81bc2ce

Compare it to the value from the Cisco site - 5fa29c3d9df48f882f4d6439b81bc2ce.

As you can see the file passed the verify operation.

Now we can start the installation:
My-3850#software install file flash:cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin new verbose
Preparing install operation ...
[1]: Copying software from active switch 1 to switch 2
[1]: Finished copying software to switch 2
[1 2]: Starting install operation
[1 2]: Expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin
[1 2]: Copying package files
[1 2]: Package files copied
[1 2]: Finished expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin
[1 2]: Verifying and copying expanded package files to flash:
[1 2]: Verified and copied expanded package files to flash:
[1 2]: Starting compatibility checks
[1 2]: Finished compatibility checks
[1 2]: Starting application pre-installation processing
[1 2]: Finished application pre-installation processing
[1]: Old files list:
Removed cat3k_caa-base.SPA.03.06.01E.pkg
Removed cat3k_caa-drivers.SPA.03.06.01E.pkg
Removed cat3k_caa-infra.SPA.03.06.01E.pkg
Removed cat3k_caa-iosd-universalk9.SPA.152-2.E1.pkg
Removed cat3k_caa-platform.SPA.03.06.01E.pkg
Removed cat3k_caa-wcm.SPA.10.2.111.0.pkg
[2]: Old files list:
Removed cat3k_caa-base.SPA.03.06.01E.pkg
Removed cat3k_caa-drivers.SPA.03.06.01E.pkg
Removed cat3k_caa-infra.SPA.03.06.01E.pkg
Removed cat3k_caa-iosd-universalk9.SPA.152-2.E1.pkg
Removed cat3k_caa-platform.SPA.03.06.01E.pkg
Removed cat3k_caa-wcm.SPA.10.2.111.0.pkg
[1]: New files list:
Added cat3k_caa-base.SPA.03.06.04.E.pkg
Added cat3k_caa-drivers.SPA.03.06.04.E.pkg
Added cat3k_caa-infra.SPA.03.06.04.E.pkg
Added cat3k_caa-iosd-universalk9.SPA.152-2.E4.pkg
Added cat3k_caa-platform.SPA.03.06.04.E.pkg
Added cat3k_caa-wcm.SPA.10.2.140.0.pkg
[2]: New files list:
Added cat3k_caa-base.SPA.03.06.04.E.pkg
Added cat3k_caa-drivers.SPA.03.06.04.E.pkg
Added cat3k_caa-infra.SPA.03.06.04.E.pkg
Added cat3k_caa-iosd-universalk9.SPA.152-2.E4.pkg
Added cat3k_caa-platform.SPA.03.06.04.E.pkg
Added cat3k_caa-wcm.SPA.10.2.140.0.pkg
[1 2]: Creating pending provisioning file
[1 2]: Finished installing software. New software will load on reboot.
[1 2]: Committing provisioning file

[1 2]: Do you want to proceed with reload? [yes/no]: n

Notice that I selected no instead of yes to reload the switch. There is one more step to take before reloading. Initially I used tftp to copy and install the file in one step. I didn't verify or do this step. I ended up with one switch at rommon mode and one switch stack that was missing its configuration!

Run the following to see the packages:
My-3850#dir | i 3.06.04
40408 -rw- 82665136 Mar 15 2016 18:30:27 -07:00 cat3k_caa-base.SPA.03.06.04.E.pkg
40409 -rw- 4913852 Mar 15 2016 18:30:27 -07:00 cat3k_caa-drivers.SPA.03.06.04.E.pkg
40410 -rw- 33784816 Mar 15 2016 18:30:27 -07:00 cat3k_caa-infra.SPA.03.06.04.E.pkg
40412 -rw- 27417488 Mar 15 2016 18:30:28 -07:00 cat3k_caa-platform.SPA.03.06.04.E.pkg

My-3850#more flash:packages.conf
#! /usr/binos/bin/packages_conf.sh

Notice that this command runs a Linux shell command.

When it finishes make sure that all the packages are set to the 03.06.04 pkg.

sha1sum: b67332dea64aae6b5d80f92b19713413707f9c27
iso rp 0 0 rp_base cat3k_caa-base.SPA.03.06.04.E.pkg
iso rp 0 0 rp_infra cat3k_caa-infra.SPA.03.06.04.E.pkg
iso rp 0 0 rp_platform cat3k_caa-platform.SPA.03.06.04.E.pkg
iso rp 0 0 rp_iosd cat3k_caa-iosd-universalk9.SPA.152-2.E4.pkg
iso rp 0 0 rp_wcm cat3k_caa-wcm.SPA.10.2.140.0.pkg
iso rp 0 0 drivers cat3k_caa-drivers.SPA.03.06.04.E.pkg

#
# -start- superpackage .pkginfo
#
# pkginfo: Name: rp_super
# pkginfo: PackageFileType: iso
# pkginfo: BuildTime: Sat Feb 13 04:00:36 PST 2016
# pkginfo: ReleaseDate: Sat Feb 13 04:00:36 PST 2016
# pkginfo: .BuildArch: mips
# pkginfo: RouteProcessor: mips
# pkginfo: Platform: ng3k
# pkginfo: User: abhakat
# pkginfo: PackageName: cat3k_caa-universalk9
# pkginfo: Build: 03.06.04.E
# pkginfo: Dependencies: PROVIDES:cat3k_caa-base,03.06.04.E,mips;cat3k_caa-infra,03.06.04.E,mips;cat3k_caa-platform,03.06.04.E,mips;cat3k_caa-iosd-universalk9,152-
2.E4,mips;cat3k_caa-wcm,10.2.140.0,mips;cat3k_caa-drivers,03.06.04.E,mips;
# pkginfo: .SupportedBoards: unknown
# pkginfo: .BuildPath: unknown
# pkginfo: BuildType: Production
#
# -end- superpackage .pkginfo
#

At this point reload and go get a cup of coffee (or two) while it restarts!

But what if they don't match up?

I asked TAC and here is the response:
**************************************************
After the package files are expanded and copied to flash, the running provisioning file (flash:packages.conf) is updated to reflect the newly installed packages, and the controller displays a reload prompt.

If this is not pointing to the correct version, run the software install command again and make sure you are not getting a new provisioning file, sometimes the .conf file name is changed and we need to modify the boot variable to the correct provisioned file.

Cisco refers to “packages.conf” as the provision file. Sometimes when we expand the images this file name might change, at the moment of the expand the same system let you know about the file name change, when this happen the only thing you need to do is to modify the boot variable to point to the new file.

Watch the install messages closely and if you see a message stating that the packages.conf file name has changed you MUST update the boot variable before reloading. If you don't the switch will reload to the switch: prompt.
**************************************************

Note: you will see packages.conf.00- if this is the first upgrade and packages.conf.01- if it's the second and so on. You can run more (a standard Linux command!) on these files just as packages.conf.

A Failed Upgrade

I mentioned earlier that before I started following this procedure I had a switch that booted to switch: after the upgrade. Here is a dir from that switch. You can see that the packages have 0 bytes. TAC said that was probably because I used tftp for the transfer and the .bin was corrupt.
switch: dir flash:
Directory of flash:/

16161 drwx 4096 .
2 drwx 4096 ..
16162 -rwx 2097152 nvram_config
16163 -r-- 0 vlan.dat
16164 -rw- 1236 packages.conf.00-
0 -rw- 1236 cat3k_caa-base.SPA.03.06.01E.pkg
0 -rw- 1236 cat3k_caa-drivers.SPA.03.06.01E.pkg
0 -rw- 1236 cat3k_caa-infra.SPA.03.06.01E.pkg
0 -rw- 1236 cat3k_caa-iosd-universalk9.SPA.152-2.E1.pkg
16184 -rw- 1234 packages.conf.01-
16185 -rw- 1236 packages.conf
16170 drwx 4096 mnt
0 drwx 4096 cat3k_caa-base.SPA.03.06.00E.pkg
0 drwx 4096 cat3k_caa-drivers.SPA.03.06.00E.pkg
0 drwx 4096 cat3k_caa-infra.SPA.03.06.00E.pkg
0 drwx 4096 cat3k_caa-iosd-universalk9.SPA.152-2.E.pkg
0 drwx 4096 cat3k_caa-platform.SPA.03.06.00E.pkg
0 drwx 4096 cat3k_caa-wcm.SPA.10.2.102.0.pkg
16169 -rw- 2574 aup.html
16173 -rw- 344 failed.html
16174 -rw- 4082 login.html
16175 -rw- 318 loginscript.js
16176 -rw- 1116 logout.html
16177 -rw- 577536 yourlogo.jpg
16178 -rw- 2846 consent.html
16179 drwx 4096 dc_profile_dir
0 drwx 4096 cat3k_caa-platform.SPA.03.06.01E.pkg
0 drwx 4096 cat3k_caa-wcm.SPA.10.2.111.0.pkg
0 drwx 4096 cat3k_caa-base.SPA.03.06.03E.pkg
0 drwx 4096 cat3k_caa-drivers.SPA.03.06.03E.pkg
0 drwx 4096 cat3k_caa-infra.SPA.03.06.03E.pkg
0 drwx 4096 cat3k_caa-iosd-universalk9.SPA.152-2.E3.pkg
0 drwx 4096 cat3k_caa-platform.SPA.03.06.03E.pkg
0 drwx 4096 cat3k_caa-wcm.SPA.10.2.131.0.pkg

1557549056 bytes available (29929472 bytes used)

Operation timed out waiting for switch 2

I had this happen recently. I verified the copy but the install timed out on switch 2.

software install file flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin
Preparing install operation ...
[1]: Copying software from active switch 1 to switch 2
[1]: Finished copying software to switch 2
[1 2]: Starting install operation
[1 2]: Expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin
[1 2]: Copying package files
[1 2]: Package files copied
[1 2]: Finished expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin
[1]: % Operation timed out waiting for switch 2 to respond. Operation aborted.

It didn't say what operation timed out so I ran a dir on switch 2:

dir flash-2:
Directory of flash-2:/

8083 -rwx     2097152   Jul 9 2019 14:14:23 -07:00 nvram_config
8084 -rw-        1344 Feb 27 2019 00:21:09 -08:00 vlan.dat
8082 -rw-   302112348 Jun 27 2019 15:33:33 -07:00 cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin
8101 -rw-        1236   Mar 7 2017 15:45:15 -08:00 packages.conf
40402 drwx        4096 Sep 11 2014 03:06:13 -07:00 mnt
40403 drwx        4096 Feb 27 2019 00:20:01 -08:00 dc_profile_dir
8089 -rw-        2574 Sep 11 2014 03:39:08 -07:00 aup.html
8092 -rw-         344 Sep 11 2014 03:39:08 -07:00 failed.html
8093 -rw-        4082 Sep 11 2014 03:39:03 -07:00 login.html
8094 -rw-         318 Sep 11 2014 03:39:08 -07:00 loginscript.js
8095 -rw-        1116 Sep 11 2014 03:39:08 -07:00 logout.html
8096 -rw-       70123 Sep 11 2014 03:39:08 -07:00 yourlogo.jpg
8097 -rw-        2846 Sep 11 2014 03:39:08 -07:00 consent.html
8103 -rw-    83293932   Mar 7 2017 15:45:12 -08:00 cat3k_caa-base.SPA.03.06.06E.pkg
8104 -rw-     3982012   Mar 7 2017 15:45:12 -08:00 cat3k_caa-drivers.SPA.03.06.06E.pkg
8105 -rw-    33788908   Mar 7 2017 15:45:12 -08:00 cat3k_caa-infra.SPA.03.06.06E.pkg
8106 -rw-    43074880   Mar 7 2017 15:45:13 -08:00 cat3k_caa-iosd-universalk9.SPA.152-2.E6.pkg
16161 -rw-    28394380   Mar 7 2017 15:45:13 -08:00 cat3k_caa-platform.SPA.03.06.06E.pkg
16162 -rw-   111233856   Mar 7 2017 15:45:13 -08:00 cat3k_caa-wcm.SPA.10.2.160.0.pkg

The .bin file is on switch 2 and the file size looks correct. I ran "more packages.conf" and "dir pack*.*" and everything looked go to boot into the old image. I reloaded and then the install completed successfully.

The switch was on 3.6.6 and hadn't been rebooted in over a year. I think that 3.6.6 may have a memory leak because I have had issues with this version where the console isn't reponsive or other issues and a reload always corrects it.

References

Catalyst 3850 Series Switch Upgrade, Management, and Recovery Techniques - If you have a switch that boots to the "switch:" prompt you can follow the instructions in this document to recover.

@rikosintie

Wednesday, July 22, 2015

Authenticating to Cisco devices using SSH and your RSA Public Key

Using an RSA Public/Private key pair instead of a password to authenticate an SSH session is popular on Linux/Unix boxes. Digital Ocean, a Virtual Private Server (VPS) provider, has this advice on how you should log into their Droplets: "you should use public key authentication instead of passwords, if at all possible. This is because SSH keys provide a more secure way of logging in compared to using a password alone. While a password can eventually be cracked with a brute-force attack, SSH keys are nearly impossible to decipher by brute force alone." Plus, it means you never have to type C!$c0 again!

Cisco IOS now has support for using SSH with RSA keys. There are many resources showing how to configure SSH with RSA keys on the Internet and I have included several in the references section to give you more information. In this blog I am going to show how to configure a switch and create the public/private key pair using Puttygen for Windows.

OpenSSH ships with most *nix OS's like Mac OSX and Ubuntu so you don't need a separate program to generate the key pair. There are resources in the reference section on how to create the keys using OpenSSH. As a side note, Microsoft announced that it is going to build OpenSSH support into Powershell so you may be able to log into the next release of Windows server using SSH.

Download Puttygen

Recently there was some malware floating around using the name putty.exe. Make sure that you download putty and puttygen from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

The MD5 check sums are at this link - checksums. On Windows you can use the official MS tool FCIV to check the MD5 sums. You can also use the certutil tool built into windows:
certutil -hashfile <filename> md5

If you prefer a GUI Hashtab is a nice tool that integrates into the right click menu. It's free but does require registration and an email address.

On Linux:
md5sum <filename>

Once you have Puttygen double click to start it up. Enter a description for your key and a passphrase. I recommend storing your passphrase in a password manager so that you don't for get it. Select SSH-2 RSA and enter 2048 for bits. Enter a comment for your key pair and click Generate. You will be asked to move the mouse around to generate some entropy.

Once the key is done you can select it and paste it into the switch. You should also save the public and private keys to a file.

Open Putty and create a session. Click on Auth under the SSH menu. Under Authentication parameters click Browse and select your private key. Click on Session and save your session.

You can also click on Data under Connection and set up an Auto-login username:

Don't forget to save your session. If you always log in using the same settings you can set all of them and then save the session as the default session.

Setup the Cisco Device

I'm using a 3750X-48P-L running IOS Version 15.2(3)E1 for this example.

Configure a time server

While this isn't absolutely necessary it's the first thing I do on any production device.
3750x(config)#ntp server 129.6.15.29 prefer
3750x(config)#clock timezone PST -8 0
3750x(config)#clock summer-time PDT recurring

Configure an IP domain name, create the RSA private key and enable SSH

3750x(config)ip domain-name pu.pri
3750x(config)crypto key generate rsa modulus 2048 exportable
3750x(config)ip ssh version 2

Note the "exportable" parameter. This isn't required but I wanted to point that out that you can make the keys exportable. It's not so important in this case but if you have setup GetVPN on a router you absolutely want to export the keys used for the tunnels. If you don't and the router fails you will have to touch EVERY tunnel once you replace the hardware. If you have exported the keys you just reload them on the new hardware and call it a day.

I have a link to a Cisco TAC podcast on GetVPN and DMVPN in the references that does a great job of explaining how to use RSA key pairs and why you MUST export them. If you don't want to listen to the entire podcast jump to minute 40 or so and listen from there. I highly recommend listening to all the TAC Security podcasts.

View the key

3750x#sh crypto key mypubkey rsa
% Key pair was generated at: 22:53:25 PDT Jul 16 2015
Key name: 3750x.pu.pri
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is exportable. Redundancy enabled.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00ABDBCC B2C31B8F 264A92D0 8C56D9F2 B5B2E8E3 354BDA0E A3C6F287 5D5A66D4
5BDF9E25 A866E5CA 3B6641CB 375410E9 4F142169 8334C1DC 88F8BC34 80129A62
F59E0B90 B329A728 93F96C32 EE2AF78A DFF692A0 1649D911 F8DA728B 108B2790
4954B60D 62999C52 2F832900 61A654A3 938EF6FB EB85F88F 2A3740D6 BE57B4C8
C55EE8A0 4F6A23AB 416CB6F3 9F211B2E 2640ED4E 7AB03B6F 4B982F91 4965B834
DB00254F F00E5D4D D3C102AA 75A78903 862D22AF 290D85B2 09D1D8A6 4A5D66C4
4B7A2E0F 437A4566 864130ED 82411160 4198AFC1 AC0C8946 2FE181A5 6AFBD4AF
20E8D5A5 83BA182F A5FA8352 48E55CF5 1A5C2F38 B61A57A1 DC7229F8 994C87B2
C5020301 0001

Export the key

3750x(config)#crypto key export rsa 3750x.pu.pri pem terminal 3des SecurePassPhrase
% Key name: 3750x.pu.pri
Usage: General Purpose Key
Key data:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9vMssMbjyZKktCMVtny
tbLo4zVL2g6jxvKHXVpm1FvfniWoZuXKO2ZByzdUEOlPFCFpgzTB3Ij4vDSAEppi
9Z4LkLMppyiT+Wwy7ir3it/2kqAWSdkR+NpyixCLJ5BJVLYNYpmcUi+DKQBhplSj
k472++uF+I8qN0DWvle0yMVe6KBPaiOrQWy2858hGy4mQO1OerA7b0uYL5FJZbg0
2wAlT/AOXU3TwQKqdaeJA4YtIq8pDYWyCdHYpkpdZsRLei4PQ3pFZoZBMO2CQRFg
QZivwawMiUYv4YGlavvUryDo1aWDuhgvpfqDUkjlXPUaXC84thpXodxyKfiZTIey
xQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3E0EAC17DCDE45B0

Hq3gxGpuI8eE1WvPPr3Xw8bcrzV+cCHvGLu6D3atp5O89sQIQUMxI/udppUMWnbI
7iIpuFIJfTM9WfkNBvBBDVR4jjZfm8sHVqNll2flwqhwnPITaRBgJreaUaHL4xlU
xmPEkApfu7odjZS6sn93tZ1W1+Smn5XzAoBhKNi2N0oDjR0ruubUsPBEWcBFuzJQ
k5SKVsYl++DcA7WgFlL14/B6GgQTEoVJ6R9N14cOCJVORIhCYSxZlds4rNMeuX/9
RffhZriB+0OWJvEnxmgoKpshOX7hQVYpbHyPuJ2sDMwxwqv27uQPVp96kUhm33US
lA/7EEHzWnbvJI4TRCWFSLbaUAiPqA9NMalD6lGqpADqtaoPFPCq4pfQdMc1Lfm8
x0C8Yk+YhQDs/NNyem0xj1swKcxnbcisKzqvFdKNy4Oo60sZZD0dzBlQpxNGbQbo
GxqUPkf2nJ9/1cLnrYQ2gE5f3EN9vfBJbNWx4I5D4uNFaM/an2JxCatOwM7qglhh
C2kPofynBgxfedxSRwButo0VFt4wNs7Ijk2o/IlfZDpaxZoisQwz21z3gnKSTuVQ
gwBcfwXLLyP7e4xTmHcHQfpzu2XQjJmHTqYBU2c/fsBXYYmbwfKgp2UeeVgCVfWP
7Cd53PtRc6kycodB6phcHRdnBd2TDame6IP7dHKASbcuHXFmBRAPRG2wpt90BzFC
WRaRAkSvf8b2GAKjoHJF8Pw/eQBgc9JPXY5UkGapRT+fkw1fS99GUXPiI5EYMmws
BYOOMBgY7h+FCHCuuQ/FpZEyRYHBMYbUSZ0Vt4ikQh4L6kdOz5fC04IUXwtDnOh0
Lv9Un8YRS9tL4JzXjTauByhNxj+JEQnUCBXjTEbdJGZ1k8LGygfD8ixwK8StQ3pe
nwCrJwBPP5oORJmZssdTubyldZTy/abgnZMoJ9RgBI2muxL+3EtzvLnrUvaD4SkK
X8InDcEk8WlmI5joMe+wxrgKehWuRddD0iB+CfpE9N90fRGEvS/awHx2RVdh9VFo
b85l5ebRC8FsIckQPp8qc71vcrJ4P2D88FT5VshD4aUhZYWdLDRPLzbMrFOprjqu
sSU/cxL7V6w3954PzlAV0yVyiQ9TnPCSdPPBVLV8oJzXo/6LWWND72Xi9ORbCTIP
GcoSURd8oQwzmEbwuxeAv2JmZyiJCTZWOvDOc0mZCr7NgkbkZPH+wi8aJzsv9gDU
ISLBu4c+MQ5At4wad6fXLHeAOpKTNJ7nlfHgcgCichQv/tC+yZgvMiV3d6aumXri
dZLBThpuXOWNxkYO3tpZfNv1sRCfwTrn7sr/zW8mDvGMSNlwqOLwDGnH2G5HbQFm
G/w70NxwY5jQniOA/FurorBtm1P68uji7i1yHM6jctfElJXKcBWNyKHsLEc8Uk1A
2CdVPt9fXoUAqjcyV8rqyzn91P6E04ilqUp129oABcVAh7A3lr4u76Nt5Na5qDuo
zzP/2yZAi6dKQJOxpyMjQo4zkKPVPDjkJOwJtfIqGsC5glpYbMXGmUPhsYapAyK6
maXbb2L9aVDnZxl8bt0vHSBDpGVBThXX/iQgZaV0eGzSEhgwZF2wOuLTIMTnJX3C
-----END RSA PRIVATE KEY-----

Configure AAA authentication

The aaa new-model command causes the local username and password on the router to be used in the absence of other AAA statements. Once you enter "aaa new-model" you will not be able to enter "login local" on vty line configuration. If you had login local configured it will be removed.

When you create the username be sure to include a secret. I you don't anyone will be able to login with just the username. As always, create a strong secret and use a password manager to store it.

3750x(config)#username cisco privilege 15 secret ^8(nn-!#who
3750x(config)#aaa new-model
3750x(config)#aaa authentication login default local
3750x(config)#aaa authorization exec default local

(Authentication through the line password is not possible with SSH)

Configure the line

3750x(config)#line vty 0 4
3750x(config-line)#transport input ssh
3750x(config-line)#logging sync (prevents console messages from interfering with your inputs)

Add your PUBLIC key to the device.

Open the public key file you created in puttygen. Copy the text between the comments. If you generated a 2048 bit key you will need to paste it into notepad and break it into smaller pieces or you may see "%SSH: Failed to decode the Key Value" when you exit:
3750x(config)#ip ssh pubkey-chain
3750x(conf-ssh-pubkey)#username hubbard
3750x(conf-ssh-pubkey-user)#key-string
3750x(conf-ssh-pubkey-data)#$QAAAQEAkp2EDdpi86+h2aygSIYLt6DvoeFVKYJ1S/Zr
3750x(conf-ssh-pubkey-data)#$ylIDAzWA+G9TolxvWTLzTcUR/+Ykk74mqQbuGTxpteP
3750x(conf-ssh-pubkey-data)#$IStVVjycGYHRSJv9H2C8OQYMcHCR7yM/36TTFRIjLfV
3750x(conf-ssh-pubkey-data)#$PaWM45mr8DI2/sJkwESLWWGJKYiaSxEG6h+gLA5DePj
3750x(conf-ssh-pubkey-data)#$SP4zpktK7KD51NQDy8vx3jVVhkkANGbFfz/uWk2Uhno
3750x(conf-ssh-pubkey-data)#$DQeBxtZbxEGU4tXDZmRbPGVmk8DtFh9LVRCxUTQ==
3750x(conf-ssh-pubkey-data)#exit

3750x#sh run | sec ssh
ip ssh version 2
ip ssh pubkey-chain
username hubbard
key-hash ssh-rsa 0C029272CF23E61C4315A0D59E565B76
transport input telnet ssh
3750x#
3750x#sh run | b 0 4
line vty 0 4
transport input ssh
line vty 5 15

Note - You can use the HASH instead of the key for the next devices you setup. Instead of using "Key-string" in the ip ssh pubkey-chain statement use "key-hash ssh-rsa 0C029272CF23E61C4315A0D59E565B76".

Login using your SSH Keys!

References

SSH RSA authentication works in IOS release 15.0M
Secure Shell Version 2 Support in IOS 15
TAC Security Podcast Episode #25 - GETVPN and DMVPN
SSH/OpenSSH/Keys - A good Ubuntu article on OpenSSH
How to create ssh keys with putty to connect to a virtual private server (VPS) - The Digital Ocean Tutorial. They have a lot of good tutorials.
Using SSH/SCP on Mac OS X in the Terminal app
Kali Linux remote SSH – How to configure openSSH server - A great tutorial.
SSH using public key authentication to IOS and big outputs - A Cisco Support Forum article. It includes a Bash script for remotely executing commands.

SSH with key authentication on Cisco IOS devices - A good blog for Windows users
How To Protect SSH with fail2ban on Ubuntu 12.04
Synchronise remote SSH authorised_keys
Configure SSH in IOS - For IOx devices such as ISR819(C819), CGR1120/1240, and IR829/809.

@rikosintie