Hi all,
Trying to archive the configuration on Cisco routers that have ip ssh configured with:
ip ssh dh min size 2048
results in the following error message on the router:
Feb 17 13:35:58 CET: SSH1: sent protocol version id SSH-2.0-Cisco-1.25
Feb 17 13:35:58 CET: SSH1: protocol version id is - SSH-2.0-CmdSvc
Feb 17 13:35:58 CET: SSH2 1: send:packet of length 320 (length also includes padlen of 8)
Feb 17 13:35:58 CET: SSH2 1: SSH2_MSG_KEXINIT sent
Feb 17 13:35:58 CET: SSH2 1: ssh_receive: 248 bytes received
Feb 17 13:35:58 CET: SSH2 1: input: total packet length of 248 bytes
Feb 17 13:35:58 CET: SSH2 1: partial packet length(block size)8 bytes,needed 240 bytes, maclen 0
Feb 17 13:35:58 CET: SSH2 1: input: padlength 6 bytes
Feb 17 13:35:58 CET: SSH2 1: SSH2_MSG_KEXINIT received
Feb 17 13:35:58 CET: SSH2 1: kex: client->server enc:3des-cbc mac:hmac-sha1
Feb 17 13:35:58 CET: SSH2 1: kex: server->client enc:3des-cbc mac:hmac-sha1
Feb 17 13:35:58 CET: %SSH-3-NO_MATCH: No matching kex algorithm found: client diffie-hellman-group1-sha1 server diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
But with the local ssh client on a Solaris 10 server, access is possible.
Does anybody out there know how to enable Diffie-Hellman group 14 for key exchange within Cisco LMS?
Thanks for any feedback.
Lothar
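
The negotiation failure in the debug output above can be read mechanically. The following is an added example, not part of the original post and not Cisco or LMS code: it parses the `%SSH-3-NO_MATCH` line, applies a simplified form of the RFC 4253 selection rule, and reports which client key-exchange methods fall below a minimum DH size. The function names, the `min_dh_bits` parameter and the sample string (built from two lines of the post) are assumptions made for the illustration.

```python
import re

# Constructed sample: two lines taken from the debug output in the post.
SAMPLE_LOG = (
    "Feb 17 13:35:58 CET: SSH2 1: SSH2_MSG_KEXINIT received\n"
    "Feb 17 13:35:58 CET: %SSH-3-NO_MATCH: No matching kex algorithm found: "
    "client diffie-hellman-group1-sha1 "
    "server diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1\n"
)

NO_MATCH_RE = re.compile(
    r"%SSH-3-NO_MATCH: No matching (\S+) algorithm found: "
    r"client (\S+) server (\S+)"
)

# Fixed-group kex methods and their modulus size in bits (RFC 4253 section 8).
FIXED_GROUP_BITS = {
    "diffie-hellman-group1-sha1": 1024,
    "diffie-hellman-group14-sha1": 2048,
}


def negotiate(client, server):
    """Simplified RFC 4253 7.1 rule: first client preference the server lists."""
    return next((alg for alg in client if alg in server), None)


def explain_no_match(log, min_dh_bits=2048):
    """Return one finding per %SSH-3-NO_MATCH line found in the log text."""
    findings = []
    for line in log.splitlines():
        m = NO_MATCH_RE.search(line)
        if not m:
            continue
        client, server = m.group(2).split(","), m.group(3).split(",")
        findings.append({
            "kind": m.group(1),
            "agreed": negotiate(client, server),
            # Client methods with a fixed group smaller than the minimum.
            "client_below_minimum": [
                a for a in client
                if FIXED_GROUP_BITS.get(a, min_dh_bits) < min_dh_bits
            ],
            # Any one of these on the client side would let kex succeed.
            "client_must_add_one_of": [a for a in server if a not in client],
        })
    return findings


if __name__ == "__main__":
    for finding in explain_no_match(SAMPLE_LOG):
        print(finding)
```
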