I am unable to SSH to our 4500x core switches all of a sudden via PuTTY, Cisco CLI Analyzer, or from another switch. In the logs, I see the following when I try to SSH to it.
Apr 14 15:08:34.476: %SEC-6-IPACCESSLOGP: list SSH_ACCESS permitted tcp 10.200.1.200(7037) -> 0.0.0.0(22), 1 packet
Apr 14 15:08:34.481: %SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Apr 14 15:08:45.982: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NAME REMOVED] [Source: 10.200.1.200] [localport: 22] [Reason: Login Authentication Failed] at 10:08:45 CDT Fri Apr 14 2023
I know my logins are correct as they are saved in CLI Analyzer. I've already tried the following:
- Confirmed IP SSHv2 is enabled
- IP domain name is configured
- crypto key zeroize rsa
- crypto key generate rsa modulus 2048
- Output of sh ssh after running the above:
  %No SSHv2 server connections running.
  %No SSHv1 server connections running.
- Running IOS 03.04.00 with uptime of 10 years
- sh crypto key mypubkey rsa: shows key pair was generated
When I try to SSH to it from a switch, I get the following error:
%SSH: CBC Ciphers got moved out of default config. Please configure ciphers as required(to match peer ciphers)
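
The negotiation failure recorded in the %SSH-3-NO_MATCH line above, worked through as an added example (not part of the original post): it parses that log line and applies the RFC 4253 section 7.1 rule that the chosen cipher is the first name on the client's list that also appears on the server's list. The function names are hypothetical, and the regular expression assumes the message layout shown in the post.

```python
import re

# The %SSH-3-NO_MATCH line from the post above, copied verbatim.
LOG_LINE = (
    "Apr 14 15:08:34.481: %SSH-3-NO_MATCH: No matching cipher found: "
    "client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,"
    "aes128-gcm@openssh.com,aes256-gcm@openssh.com "
    "server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc"
)

NO_MATCH_RE = re.compile(
    r"%SSH-3-NO_MATCH: No matching (?P<kind>\w+) found: "
    r"client (?P<client>\S+) server (?P<server>\S+)"
)

def parse_no_match(line):
    """Return (kind, client_list, server_list), or None for other log lines."""
    m = NO_MATCH_RE.search(line)
    if m is None:
        return None
    return m["kind"], m["client"].split(","), m["server"].split(",")

def negotiate(client, server):
    """RFC 4253 7.1: first algorithm on the client's list the server also has."""
    offered = set(server)
    return next((name for name in client if name in offered), None)

def family(name):
    """Coarse cipher family: cbc, ctr, gcm, or the bare algorithm name."""
    base = name.split("@")[0]  # drop vendor suffix such as @openssh.com
    for suffix in ("cbc", "ctr", "gcm"):
        if base.endswith("-" + suffix):
            return suffix
    return base

def diagnose(line):
    """Summarise why negotiation failed for one NO_MATCH log line."""
    parsed = parse_no_match(line)
    if parsed is None:
        return None
    kind, client, server = parsed
    return {
        "kind": kind,
        "chosen": negotiate(client, server),  # None means no overlap
        "client_families": sorted({family(n) for n in client}),
        "server_families": sorted({family(n) for n in server}),
    }

if __name__ == "__main__":
    print(diagnose(LOG_LINE))
```

For the logged line the two lists share no name: the client offers only CTR, GCM and ChaCha20-Poly1305 ciphers while the server offers only CBC ciphers, so the key exchange stops before any password is checked.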