
Scripting SSH connection

Brinay581
Level 1

Hi,

I'm trying to set up a script whereby I can access one of our switches using SSH. I'm currently trying this from the CLI of my PC but getting the following:

C:\Users\<user>>ssh <switch> -l <username> -oHostKeyAlgorithms=+ssh-dss,ssh-rsa -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -v
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Connecting to <switch> port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<username>/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<username>/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<username>/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<username>/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<username>/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<user>/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<username>/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<username>/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<username>/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\<username>/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x60000000
debug1: Authenticating to <switch>:22 as '<username>'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
ssh_dispatch_run_fatal: Connection to <switch> port 22: Invalid key length

 

Does anyone have any idea why this isn't working? Thanks.

8 Replies

balaji.bandi
Hall of Fame

What is the outcome if you try the simple command:

 

ssh -c 3des-cbc user@device-ip

BB


ssh -c

-c is an option which selects the cipher specification for encrypting the session. cipher_spec is a comma-separated list of ciphers listed in order of preference (in your case you use 3des-cbc).

Hi,

Thanks for this but it just came back with "Unable to negotiate with <ip> port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1".

I tried adding -oKexAlgorithms=+diffie-hellman-group1-sha1 but that came back with the original message "ssh_dispatch_run_fatal: Connection to <ip> port 22: Invalid key length".

SSH is working as such as I can connect to this switch with Putty.

What SSH program are you using to connect? Can you post ssh -v?

BB


putty 0.73

Does the provided command help you? You should configure it in config mode.

Hi - the "-v" output is the same as the original at the beginning of the post. Thanks.

Hi - I'm using SSH from the command line of Windows. Thanks.
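
Added example (not posted by anyone in this thread): a Python sketch that reads `ssh -v` output like the trace in the original question, reports what was negotiated, and lists the legacy algorithms the client had to be told to accept. The `audit` function, the `LEGACY` and `PATTERNS` tables and the shortened sample trace are constructed for illustration; the hint about RSA key size is general OpenSSH behaviour, not a diagnosis confirmed in the thread.

```python
import re

# Legacy algorithms seen in this thread, with the OpenSSH release that stopped
# offering them by default (table assembled for this example).
LEGACY = {
    "diffie-hellman-group1-sha1": "1024-bit DH group with SHA-1, off by default since 7.0",
    "ssh-dss": "DSA host keys, off by default since 7.0",
    "ssh-rsa": "RSA signatures over SHA-1, off by default since 8.8",
    "3des-cbc": "64-bit block cipher, dropped from client defaults in 7.4",
}
PATTERNS = {
    "server": re.compile(r"remote software version (\S+)"),
    "kex": re.compile(r"kex: algorithm: (\S+)"),
    "hostkey": re.compile(r"kex: host key algorithm: (\S+)"),
    "fatal": re.compile(r"ssh_dispatch_run_fatal: .*: (.+)$"),
}
CIPHER = re.compile(r"kex: (server->client|client->server) cipher: (\S+) MAC: (\S+)")

# Constructed sample: a shortened copy of the trace in the question.
SAMPLE = """\
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: 3des-cbc MAC: hmac-sha1 compression: none
ssh_dispatch_run_fatal: Connection to <switch> port 22: Invalid key length
"""

def audit(log):
    """Summarise one `ssh -v` trace: parsed fields, legacy algorithms, fatal-error hint."""
    found = {}
    for line in map(str.strip, log.splitlines()):
        for name, pattern in PATTERNS.items():
            if m := pattern.search(line):
                found[name] = m.group(1).strip()
        if m := CIPHER.search(line):
            found[f"cipher {m.group(1)}"] = m.group(2)
            found[f"mac {m.group(1)}"] = m.group(3)
    report = {"fields": found, "hint": None}
    report["legacy"] = {a: why for a, why in LEGACY.items() if a in found.values()}
    if found.get("fatal") == "Invalid key length":
        # General OpenSSH behaviour (7.6 and later): RSA keys under 1024 bits are refused.
        report["hint"] = "check the size of the device's RSA host key (minimum 1024 bits)"
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, "->", value)
```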
