I would like to modify the key-exchange on the switch to remove vulnerabilities such as diffie-hellman-group1-sha1.
I see in general N3000 guides that I could be able to run something like "ip ssh server kex.." to set what I want.
In practice, however, I cannot find this command - I have very limited options with SSH; I can basically just turn it off or on.
I am running firmware 18.104.22.168, and again it's an N3048ET-ON.
Page 1148: https://downloads.dell.com/manuals/common/n-series_cli_660_en-us.pdf
The crypto key generate commands allow you to change the key.
But I don't believe this will limit the key-exchange, just change the key itself. Am I incorrect?
I don't see any way to manipulate ciphers either. Right now the switch just allows everything, regardless of vulnerability status.
Right, I don’t see a command to change which algorithms are used.
Hrm, well thanks for double checking. The enabled key-exchanges are marked as a PCI vulnerability by Qualys. I find it difficult to allow these switches onto our network if there is no way to modify this. Seems like just the Dell Force switches allow this...
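
To check independently of a scanner which key-exchange algorithms a device such as this switch offers, the list can be read from the SSH_MSG_KEXINIT payload the server sends (RFC 4253, section 7.1). The following is an added example, not part of the thread and not Dell or Qualys code; it parses the payload only (not the outer packet framing), the sample bytes are constructed, and the "weak" policy is an assumption for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20

# Assumed policy for this example (not Qualys' rule set): the group1
# exchange named in the thread, plus any exchange hashed with SHA-1.
WEAK_EXACT = {"diffie-hellman-group1-sha1"}
WEAK_SUFFIX = "-sha1"


def parse_kexinit_kex(payload):
    """Return the kex_algorithms name-list from a KEXINIT payload."""
    # Layout: byte type (20), 16-byte cookie, then uint32 length + name-list.
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    end = 21 + length
    if end > len(payload):
        raise ValueError("truncated kex_algorithms name-list")
    names = payload[21:end].decode("ascii")
    return names.split(",") if names else []


def audit(payload):
    """Return the offered key exchanges that the assumed policy flags."""
    return [k for k in parse_kexinit_kex(payload)
            if k in WEAK_EXACT or k.endswith(WEAK_SUFFIX)]


def build_sample_kexinit(kex_names):
    """Constructed test payload: zero cookie, kex list, nine empty lists."""
    body = ",".join(kex_names).encode("ascii")
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    payload += struct.pack(">I", len(body)) + body
    payload += struct.pack(">I", 0) * 9          # remaining name-lists, empty
    payload += bytes([0]) + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    return payload


# Constructed sample, not captured from a real switch.
SAMPLE = build_sample_kexinit([
    "curve25519-sha256",
    "diffie-hellman-group14-sha256",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group1-sha1",
])

if __name__ == "__main__":
    for name in parse_kexinit_kex(SAMPLE):
        print(("WEAK  " if name in audit(SAMPLE) else "ok    ") + name)
```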