How hard is it to attack SSH on old Cisco switches

I have some old Cisco switches (3560) that default to really bad SSH defaults. They have all been ripped out of production (thank god) but I was thinking about using them to see how hard it is to attack SSH from a cryptographic perspective. I figured this could be a good learning exercise to learn how SSH works at a cryptographic level. The switches are set up to use RSA 1024 and MD5 hashing. I don’t really know where to begin from an attack perspective. I figured that the MD5 hash would be the simplest to attack but that is as far as I’ve gotten.

Anyone done something like this in a lab?

As long as they are not core or edge switches these would be fine in a home lab.

I’m no expert, but in general, even older SSH implementations are quite robust and definitely not trivial to attack. So I’d say, as long as you don’t expose them to the internet, which you should never do with management interfaces anyways, you should be fine. For added security, you could place them in a separate VLAN, which is good practice regardless of how new or old the SSH implementation is.

If you have enough quantum computing power, you can break RSA 1024.

Yeah, but in a home lab, if the switches are in a separate VLAN, the bad actors would first have to get into your local network, find a way to access the management VLAN, and then launch a LOGJAM attack without you noticing. Sure, it’s not impossible, but it’s very unlikely that someone would go to such lengths just to hack the switches of some random homelabber. :wink:

That said, of course, for SSH servers exposed to the internet or in any kind of professional environment, this kind of setup absolutely shouldn’t be used anymore.

But for switches in a home lab? Come on. I’m not going to buy new switches every few years just because their management interfaces are running outdated crypto or have a few security flaws. The truth is, almost all networking products have flaws once they’re out of support, and even many that are still supported do too. :wink:

Put them in a separate VLAN, only access them from a trusted host, and you’ll be fine.