Changing diffie-hellman key size on sg500x-48p

TauTech65610 — Thu, 11 Jun 2020 18:16:31 GMT

Greetings,

I've recently been tasked with making some of my servers FIPS-compliant. In the process I've run into a problem accessing my sg500x-48p switch via SSH. I get the following error:

no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

I've searched and found similar issues here and elsewhere which were solved by increasing the size of the diffie-hellman key used to something like 2048 or 4096 with the cli command `ip ssh dh min size 2048`. This command doesn't seem to be supported by my switch though, I've searched the CLI manual and can't find an equivalent command. I've updated my switch to the latest available firmware. According to cisco the switch is still supported but no longer sold. Thanks to any who can offer some insight.

Re: Changing diffie-hellman key size on sg500x-48p

Deepak Kumar — Thu, 11 Jun 2020 19:21:55 GMT

Hi,

I am not sure about the specific switch but you can change the same "ip ssh server algorithm <>"

Are you using any old version of SecureCRT or Putty? Try with an updated version SSH client.

topic Re: Changing diffie-hellman key size on sg500x-48p in Network Security

Changing diffie-hellman key size on sg500x-48p

Re: Changing diffie-hellman key size on sg500x-48p