Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
3357
Views
5
Helpful
5
Replies
Muradazz
Beginner
Beginner
‎07-11-2019 01:18 AM
‎07-11-2019 01:18 AM

i cannot access to any router with SSH

Dears,

 

in the past   i can access to my routers over SSH   now  after upgrade to the latest version  i can't login to any router  and the error is related to SSH connection 

when i try   to add new router  also i have the same problem with ((( The authenticity of host "x.x.x.x" can't be established. RSA Key fingerprint is unavailable))). 

I upgrade to the last release and the same issue .

 

 

Labels:
1 person had this problem
5 REPLIES 5
Muradazz
Beginner
Beginner
‎07-11-2019 01:25 AM
‎07-11-2019 01:25 AM

this is the log  on my router since i use  radius server with username and password   to login to my routers over SSH

 

RP/0/RP0/CPU0:Jul 11 07:20:05.945 GMT: SSHD_[65678]: %SECURITY-SSHD-6-INFO_GENERAL : Client closes socket connection
RP/0/RP0/CPU0:Jul 11 07:20:05.946 GMT: SSHD_[65678]: %SECURITY-SSHD-3-ERR_GENERAL : Error in receiving key exchange packet
RP/0/RP0/CPU0:Jul 11 08:11:05.516 GMT: SSHD_[65602]: %SECURITY-SSHD-6-INFO_GENERAL : Client X.X.X.X closes socket connection
RP/0/RP0/CPU0:Jul 11 08:11:05.518 GMT: SSHD_[65602]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RP0/CPU0:Jul 11 08:11:07.955 GMT: SSHD_[65602]: %SECURITY-SSHD-6-INFO_GENERAL : no matching kex found: client ssh-rsa server ssh-dss

0 Helpful
Mark Malone
Mentor
Mentor
In response to Muradazz
‎07-11-2019 02:28 AM
‎07-11-2019 02:28 AM

Hi
did you try regenerate the crypto key for ssh on a switch see if it makes a diff

crypto key gernerate rsa (hit return)
2048 (hit return again )

Then try it , looks like a key issue in the logs

0 Helpful
Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend
In response to Muradazz
‎07-11-2019 04:06 AM
‎07-11-2019 04:06 AM

As your log notes:

no matching kex found: client ssh-rsa server ssh-dss

Try updating your client software (putty etc.) to a newer version. Newer IOS versions have deprecated the older ssh-rsa key exchange.

0 Helpful
gunnar.gud
Beginner
Beginner
In response to Marvin Rhoads
‎04-20-2021 12:12 PM
‎04-20-2021 12:12 PM

It's the other way around, ssh-dss is deprecated, RSA is in common use today but is going to be replaced by either ECDSA or ed25519.

0 Helpful
gunnar.gud
Beginner
Beginner
‎04-20-2021 12:04 PM
‎04-20-2021 12:04 PM

This is caused by Cisco CLI Analyzer only supporting RSA.

You should generate an RSA host key for network devices, unless a better type is available.

 

If you want to add other key types to Cisco CLI Analyzer, see: https://community.cisco.com/t5/cisco-cli-analyzer/cli-3-6-7-authenticity-of-rsa-fingerprint-cannot-be-verified/m-p/4390271/highlight/true#M476

0 Helpful
Latest Contents
Expand your Tool Belt with TAC Knowledge Through the Cisco C...
Created by ciscomoderator on 12-18-2020 10:47 AM
0
20
0
20
Support Talks video- Expand your Tool Belt with TAC Knowledge Through the Cisco CLI Analyzer (Live event -  Thursday 17 December, 2020 at 9:30 am Pacific/ 12:30 pm Eastern / 6:30 pm Paris) -This Support Talk event is a special session of the “TAC To... view more
Expand your Tool Belt with TAC Knowledge Through the Cisco C...
Created by ciscomoderator on 12-15-2020 08:14 AM
0
0
0
0
Support Talks slides- Expand your Tool Belt with TAC Knowledge Through the Cisco CLI Analyzer (Live event -  Thursday 17 December, 2020 at 9:30 am Pacific/ 12:30 pm Eastern / 6:30 pm Paris) -This Support Talk event is a special session of the “TAC To... view more
v3.6.6 crashing often on MacOS Big Sur
Created by daveald on 11-26-2020 10:08 AM
14
15
14
15
I recently updated to MacOS Big Sur and I have noticed CLI Analyzer will disappear completely from my screen and dock without notice.  I can be typing on a console session and boom, its just gone. There are no errors, and I can re-open it like n... view more
Using the TAC Data Collection Tool
Created by Jean-Christophe Rode on 01-31-2017 03:49 PM
2
20
2
20
  The Cisco CLI Analyzer is a standalone SSH client infused with Cisco TAC Intellectual Capital, and is available for Windows and Mac OS X platforms.   The TAC Data Collection tool is part of the CLI Analyzer and allows automatic collection of d... view more
Tools
Created by John Bollier on 05-19-2016 02:57 PM
1
0
1
0
File Analysis IOS-XR: Top Talkers Contract Lookup
Ask a Question
Create
+ Discussion
+ Document
+ Video
+ Project Story
Find more resources
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad