06-04-2018 07:44 PM - edited 03-01-2019 06:37 PM
When I tried to connect ASR 9000 router using SSH, I got the following ssh debug logs.
~$ ssh -v username@xxx.xxx.xxx.xxx OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/mobigen/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mobigen/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mobigen/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mobigen/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mobigen/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mobigen/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mobigen/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mobigen/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 debug1: Remote protocol version 2.0, remote software version Cisco-2.0 debug1: no match: Cisco-2.0 debug1: Authenticating to xxx.xxx.xxx.xxx:22 as 'username' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: ecdh-sha2-nistp256 debug1: kex: host key algorithm: (no match) Unable to negotiate with xxx.xxx.xxx.xxx port 22: no matching host key type found. Their offer: ~$
It is strange that I don't get any offered key type.
Once I had another case that it displayed like "Their offer: ssh-dss", which I could succeed logging in by giving additional option "-oHostKeyAlgorithms=+ssh-dss" in ssh command. However this one is a bit different. Is it because of some CLI configuration missing in the router?
06-05-2018 08:55 AM
When you set up the router did you issue the crypto key generate command?
07-14-2023 06:15 PM
Thanks, Ben that worked for me. Just confirming here if anyone else needs it in the future, the crypto key generate command worked for me.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide