Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4571
Views
5
Helpful
5
Replies

i cannot access to any router with SSH

Muradazz
Level 1
Level 1

‎07-11-2019 01:18 AM

Dears,

 

in the past   i can access to my routers over SSH   now  after upgrade to the latest version  i can't login to any router  and the error is related to SSH connection 

when i try   to add new router  also i have the same problem with ((( The authenticity of host "x.x.x.x" can't be established. RSA Key fingerprint is unavailable))). 

I upgrade to the last release and the same issue .

 

 

1 person had this problem
Labels:
5 Replies 5

Muradazz
Level 1
Level 1

‎07-11-2019 01:25 AM

this is the log  on my router since i use  radius server with username and password   to login to my routers over SSH

 

RP/0/RP0/CPU0:Jul 11 07:20:05.945 GMT: SSHD_[65678]: %SECURITY-SSHD-6-INFO_GENERAL : Client closes socket connection
RP/0/RP0/CPU0:Jul 11 07:20:05.946 GMT: SSHD_[65678]: %SECURITY-SSHD-3-ERR_GENERAL : Error in receiving key exchange packet
RP/0/RP0/CPU0:Jul 11 08:11:05.516 GMT: SSHD_[65602]: %SECURITY-SSHD-6-INFO_GENERAL : Client X.X.X.X closes socket connection
RP/0/RP0/CPU0:Jul 11 08:11:05.518 GMT: SSHD_[65602]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
RP/0/RP0/CPU0:Jul 11 08:11:07.955 GMT: SSHD_[65602]: %SECURITY-SSHD-6-INFO_GENERAL : no matching kex found: client ssh-rsa server ssh-dss

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to Muradazz

‎07-11-2019 02:28 AM

Hi
did you try regenerate the crypto key for ssh on a switch see if it makes a diff

crypto key gernerate rsa (hit return)
2048 (hit return again )

Then try it , looks like a key issue in the logs

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Muradazz

‎07-11-2019 04:06 AM

As your log notes:

no matching kex found: client ssh-rsa server ssh-dss

Try updating your client software (putty etc.) to a newer version. Newer IOS versions have deprecated the older ssh-rsa key exchange.

0 Helpful

gunnar.gud
Level 1
Level 1
In response to Marvin Rhoads

‎04-20-2021 12:12 PM

It's the other way around, ssh-dss is deprecated, RSA is in common use today but is going to be replaced by either ECDSA or ed25519.

0 Helpful

gunnar.gud
Level 1
Level 1

‎04-20-2021 12:04 PM - edited ‎04-20-2021 12:06 PM

This is caused by Cisco CLI Analyzer only supporting RSA.

You should generate an RSA host key for network devices, unless a better type is available.

 

If you want to add other key types to Cisco CLI Analyzer, see: https://community.cisco.com/t5/cisco-cli-analyzer/cli-3-6-7-authenticity-of-rsa-fingerprint-cannot-be-verified/m-p/4390271/highlight/true#M476

0 Helpful
Customers Also Viewed These Support Documents