cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
781
Views
0
Helpful
1
Replies

CiscoPrime LMS 4.2.5 -- Implemented SSH does not support Diffie-Hellman group 14

lo.mueller
Beginner
Beginner

Hi all,

trying to archive configuration on cisco routers having ip ssh configured with:

ip ssh dh min size 2048

results in following error message on router:

Feb 17 13:35:58 CET: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Feb 17 13:35:58 CET: SSH1: protocol version id is - SSH-2.0-CmdSvc

Feb 17 13:35:58 CET: SSH2 1: send:packet of  length 320 (length also includes padlen of 8)

Feb 17 13:35:58 CET: SSH2 1: SSH2_MSG_KEXINIT sent

Feb 17 13:35:58 CET: SSH2 1: ssh_receive: 248 bytes received

Feb 17 13:35:58 CET: SSH2 1: input: total packet length of 248 bytes

Feb 17 13:35:58 CET: SSH2 1: partial packet length(block size)8 bytes,needed 240 bytes,

               maclen 0

Feb 17 13:35:58 CET: SSH2 1: input: padlength 6 bytes

Feb 17 13:35:58 CET: SSH2 1: SSH2_MSG_KEXINIT received

Feb 17 13:35:58 CET: SSH2 1: kex: client->server enc:3des-cbc mac:hmac-sha1

Feb 17 13:35:58 CET: SSH2 1: kex: server->client enc:3des-cbc mac:hmac-sha1

Feb 17 13:35:58 CET: %SSH-3-NO_MATCH: No matching kex algorithm found: client diffie-hellman-group1-sha1 server diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

But with local ssh client on solaris 10 server access is possible.

Does anybody of you out there know how to enable Diffie-Hellmann group 14 for Key-Exchange within Cisco LMS?

Thanks for any feedback.

Lothar

1 Reply 1

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

As far as I know, there's no supported way to do this.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers