Problem description:
If the OpenSSH version on your operating system is newer than 7.0 (Figure-1), you may see error messages and be unable to access the switch via SSH (Figure-2).
Figure-1: OpenSSH V7.8p1 of Ubuntu OS.
ts@ts-ThinkPad-T430:~$ ssh -V
OpenSSH_7.8p1, OpenSSL 1.0.2g 1 Mar 2016
Enabling SSH server on switch.
Console#ip ssh crypto host-key generate
Console#configure
Console(config)#ip ssh server
Console(config)#
Console#show ip ssh
SSH Enabled - Version 2.0
Negotiation Timeout : 120 seconds; Authentication Retries : 3
Server Key Size : 768 bits
Figure-2: You may see the following three types of error messages.
ts@ts-ThinkPad-T430:~$ ssh admin@192.168.30.254
Unable to negotiate with 192.168.30.254 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
ts@ts-ThinkPad-T430:~$

ts@ts-ThinkPad-T430:~$ ssh admin@192.168.30.254
Unable to negotiate with 192.168.30.254 port 22: no matching host key type found. Their offer: ssh-dss
ts@ts-ThinkPad-T430:~$

ts@ts-ThinkPad-T430:~$ ssh admin@192.168.30.254
Unable to negotiate with 192.168.30.254 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,des-cbc@ssh.com, des-cbc
Solution:
<1> Add the algorithm options on the command line when you run ssh.
ts@ts-ThinkPad-T430:~$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c aes128-cbc admin@192.168.30.254
The authenticity of host '192.168.30.254 (192.168.30.254)' can't be established.
DSA key fingerprint is SHA256:MSm7td0VkWmmZHJXuo73ZCrQqZQz7pDFaxF7UANaa7Q.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.30.254' (DSA) to the list of known hosts.
admin@192.168.30.254's password:
***************************************************************
WARNING - MONITORED ACTIONS AND ACCESSES

Station's information:
Floor / Row / Rack / Sub-Rack
/ / /
DC power supply:
Power Source A: Floor / Row / Rack / Electrical circuit
/ / /
Number of LP:
Position MUX:
IP LAN:
Note:
***************************************************************

CLI session with the ECS4120-28T is opened.
To end the CLI session, enter [Exit].

Vty-1#
<2> Create the "~/.ssh/config" file before you run ssh.
ts@ts-ThinkPad-T430:~$ vi .ssh/config
ts@ts-ThinkPad-T430:~$ cat .ssh/config
Host *
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
Ciphers aes128-cbc
ts@ts-ThinkPad-T430:~$ ssh admin@192.168.30.254
admin@192.168.30.254's password:
***************************************************************
WARNING - MONITORED ACTIONS AND ACCESSES

Station's information:
Floor / Row / Rack / Sub-Rack
/ / /
DC power supply:
Power Source A: Floor / Row / Rack / Electrical circuit
/ / /
Number of LP:
Position MUX:
IP LAN:
Note:
***************************************************************

CLI session with the ECS4120-28T is opened.
To end the CLI session, enter [Exit].

Vty-1#
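The "Host *" block in <2> enables the legacy algorithms for every server the client connects to, and "Ciphers aes128-cbc" without a leading "+" replaces the client's default cipher list. As an added example (not part of the original article), the shell function below turns the error messages from Figure-2 into a stanza scoped to the switch alone; the function name legacy_stanza and the choice of the first algorithm in each offer are assumptions of this example.

```shell
#!/bin/sh
# Added example: build a host-scoped ssh_config stanza from the
# "Unable to negotiate" errors, instead of relaxing "Host *".

# The three error messages shown in Figure-2 of the article.
SAMPLE_ERRORS='Unable to negotiate with 192.168.30.254 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.168.30.254 port 22: no matching host key type found. Their offer: ssh-dss
Unable to negotiate with 192.168.30.254 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,des-cbc@ssh.com, des-cbc'

# legacy_stanza HOST
# Reads ssh error text on stdin and prints a "Host HOST" stanza.
# Returns non-zero (and prints nothing) if no negotiation error is found.
legacy_stanza() {
    awk -v host="$1" '
        # Map each negotiation failure to the option that controls it.
        /no matching key exchange method found/ { opt = "KexAlgorithms" }
        /no matching host key type found/       { opt = "HostKeyAlgorithms" }
        /no matching cipher found/              { opt = "Ciphers" }
        opt != "" && match($0, /Their offer: [^, ]+/) {
            # Keep only the first algorithm in the offer (assumption:
            # one legacy algorithm per option is enough to connect).
            alg = substr($0, RSTART + 13, RLENGTH - 13)
            if (!(opt in seen)) { seen[opt] = alg; order[++n] = opt }
        }
        { opt = "" }
        END {
            if (n == 0) exit 1
            print "Host " host
            # "+" appends to the client defaults rather than replacing them.
            for (i = 1; i <= n; i++)
                printf "    %s +%s\n", order[i], seen[order[i]]
        }'
}

# Demo: print the stanza for the switch used in the article.
printf '%s\n' "$SAMPLE_ERRORS" | legacy_stanza 192.168.30.254
```

Placing the printed stanza in ~/.ssh/config instead of the "Host *" block keeps the default algorithm set for every other host.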
Reference:
[1] https://www.openssh.com/legacy.html