Dears,
in the past i can access to my routers over SSH now after upgrade to the latest version i can't login to any router and the error is related to SSH connection
when i try to add new router also i have the same problem with ((( The authenticity of host "x.x.x.x" can't be established. RSA Key fingerprint is unavailable))).
I upgrade to the last release and the same issue .
this is the log on my router since i use radius server with username and password to login to my routers over SSH
RP/0/RP0/CPU0:Jul 11 07:20:05.945 GMT: SSHD_[65678]: %SECURITY-SSHD-6-INFO_GENERAL : Client closes socket connection
RP/0/RP0/CPU0:Jul 11 07:20:05.946 GMT: SSHD_[65678]: %SECURITY-SSHD-3-ERR_GENERAL : Error in receiving key exchange packet
RP/0/RP0/CPU0:Jul 11 08:11:05.516 GMT: SSHD_[65602]: %SECURITY-SSHD-6-INFO_GENERAL : Client X.X.X.X closes socket connection
RP/0/RP0/CPU0:Jul 11 08:11:05.518 GMT: SSHD_[65602]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RP0/CPU0:Jul 11 08:11:07.955 GMT: SSHD_[65602]: %SECURITY-SSHD-6-INFO_GENERAL : no matching kex found: client ssh-rsa server ssh-dss
As your log notes:
no matching kex found: client ssh-rsa server ssh-dss
Try updating your client software (putty etc.) to a newer version. Newer IOS versions have deprecated the older ssh-rsa key exchange.
It's the other way around, ssh-dss is deprecated, RSA is in common use today but is going to be replaced by either ECDSA or ed25519.
This is caused by Cisco CLI Analyzer only supporting RSA.
You should generate an RSA host key for network devices, unless a better type is available.
If you want to add other key types to Cisco CLI Analyzer, see: https://community.cisco.com/t5/cisco-cli-analyzer/cli-3-6-7-authenticity-of-rsa-fingerprint-cannot-be-verified/m-p/4390271/highlight/true#M476