Cannot connect to ASR 9000 via SSH (no matching host key type found)

sosul
Level 1

When I tried to connect to an ASR 9000 router using SSH, I got the following ssh debug logs.

 

~$ ssh -v username@xxx.xxx.xxx.xxx
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobigen/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobigen/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobigen/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobigen/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobigen/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobigen/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobigen/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobigen/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version Cisco-2.0
debug1: no match: Cisco-2.0
debug1: Authenticating to xxx.xxx.xxx.xxx:22 as 'username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with xxx.xxx.xxx.xxx port 22: no matching host key type found. Their offer:
~$

It is strange that I don't get any offered key type.

Once I had another case where it displayed something like "Their offer: ssh-dss", and I could log in successfully by giving the additional option "-oHostKeyAlgorithms=+ssh-dss" in the ssh command. However, this one is a bit different. Is it because some CLI configuration is missing in the router?

2 Replies

Ben Walters
Level 3

When you set up the router, did you issue the crypto key generate command?

Thanks, Ben, that worked for me. Just confirming here in case anyone else needs it in the future: the crypto key generate command worked for me.
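
Added example, not part of the thread or of any poster's reply: a Python parser for the client's "Unable to negotiate" line that separates the two cases discussed above, an empty "Their offer:" (nothing a client option can fix, resolved on the router as in the reply) from a non-empty one such as ssh-dss (client-side override). The function name, sample lines and the 192.0.2.10 address are constructed, and the key exchange, cipher and MAC phrases generalize beyond the host key case in the thread.

```python
import re

# OpenSSH client failure phrase -> ssh_config option governing that category.
FAILURES = {
    "no matching host key type found": "HostKeyAlgorithms",
    "no matching key exchange method found": "KexAlgorithms",
    "no matching cipher found": "Ciphers",
    "no matching MAC found": "MACs",
}
LINE = re.compile(
    r"^Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): (?P<reason>"
    + "|".join(map(re.escape, FAILURES))
    + r")\. Their offer:[ \t]*(?P<offer>.*)$",
    re.MULTILINE,
)


def diagnose(ssh_output):
    """Classify an 'Unable to negotiate' failure; None if the text has none."""
    m = LINE.search(ssh_output)
    if m is None:
        return None
    option = FAILURES[m.group("reason")]
    offer = [a.strip() for a in m.group("offer").split(",") if a.strip()]
    if offer:
        # The server offered algorithms this client has disabled. The override
        # belongs in a Host block for this one device, not in global config.
        side, hint = "client", "-o%s=+%s" % (option, ",".join(offer))
    else:
        # Empty offer: the server has nothing in this category, so no client
        # option can help. For host keys, the device has no key pair yet.
        side, hint = "server", "no %s offered; fix on the device" % option
    return {"peer": m.group("peer"), "option": option,
            "offer": offer, "side": side, "hint": hint}


# Constructed samples (192.0.2.10 is a documentation address).
EMPTY_OFFER = (
    "debug1: kex: host key algorithm: (no match)\n"
    "Unable to negotiate with 192.0.2.10 port 22: "
    "no matching host key type found. Their offer: \n"
)
DSS_OFFER = (
    "Unable to negotiate with 192.0.2.10 port 22: "
    "no matching host key type found. Their offer: ssh-dss\n"
)

if __name__ == "__main__":
    for sample in (EMPTY_OFFER, DSS_OFFER):
        print(diagnose(sample))
```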