
Cisco Prime LMS 4.2.5 -- Implemented SSH does not support Diffie-Hellman group 14

lo.mueller
Level 1

Hi all,

Trying to archive configuration on Cisco routers having ip ssh configured with:

ip ssh dh min size 2048

results in the following error message on the router:

Feb 17 13:35:58 CET: SSH1: sent protocol version id SSH-2.0-Cisco-1.25

Feb 17 13:35:58 CET: SSH1: protocol version id is - SSH-2.0-CmdSvc

Feb 17 13:35:58 CET: SSH2 1: send:packet of  length 320 (length also includes padlen of 8)

Feb 17 13:35:58 CET: SSH2 1: SSH2_MSG_KEXINIT sent

Feb 17 13:35:58 CET: SSH2 1: ssh_receive: 248 bytes received

Feb 17 13:35:58 CET: SSH2 1: input: total packet length of 248 bytes

Feb 17 13:35:58 CET: SSH2 1: partial packet length(block size)8 bytes,needed 240 bytes,

               maclen 0

Feb 17 13:35:58 CET: SSH2 1: input: padlength 6 bytes

Feb 17 13:35:58 CET: SSH2 1: SSH2_MSG_KEXINIT received

Feb 17 13:35:58 CET: SSH2 1: kex: client->server enc:3des-cbc mac:hmac-sha1

Feb 17 13:35:58 CET: SSH2 1: kex: server->client enc:3des-cbc mac:hmac-sha1

Feb 17 13:35:58 CET: %SSH-3-NO_MATCH: No matching kex algorithm found: client diffie-hellman-group1-sha1 server diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

But with the local SSH client on a Solaris 10 server, access is possible.

Does any of you out there know how to enable Diffie-Hellman group 14 for key exchange within Cisco LMS?

Thanks for any feedback.

Lothar
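
The `%SSH-3-NO_MATCH` line in the debug above carries both sides' key-exchange offers, which is enough to see why the handshake stops. The following Python is an added example, not part of the original post and not Cisco tooling: it parses that line, intersects the two lists and flags client methods whose fixed DH group is smaller than a minimum. The names `analyse_no_match`, `report`, `FIXED_GROUP_BITS` and `min_dh_bits` are assumptions of this example; `min_dh_bits` mirrors the `ip ssh dh min size 2048` setting from the post.

```python
import re

# Modulus size in bits of the fixed-group KEX methods defined in RFC 4253.
FIXED_GROUP_BITS = {
    "diffie-hellman-group1-sha1": 1024,
    "diffie-hellman-group14-sha1": 2048,
}

NO_MATCH = re.compile(
    r"%SSH-3-NO_MATCH: No matching kex algorithm found: "
    r"client (?P<client>\S+) server (?P<server>\S+)"
)

# Sample input: two lines copied from the router debug in the post.
SAMPLE_LOG = [
    "Feb 17 13:35:58 CET: SSH2 1: SSH2_MSG_KEXINIT received",
    "Feb 17 13:35:58 CET: %SSH-3-NO_MATCH: No matching kex algorithm found: "
    "client diffie-hellman-group1-sha1 server "
    "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1",
]


def analyse_no_match(line, min_dh_bits=2048):
    """Return both KEX offers from a NO_MATCH line, or None for other lines."""
    m = NO_MATCH.search(line)
    if m is None:
        return None
    client = m.group("client").split(",")
    server = m.group("server").split(",")
    return {
        "client": client,
        "server": server,
        # Empty list means the two sides share no key-exchange method.
        "common": [k for k in client if k in server],
        # Client methods whose fixed group is below the configured minimum.
        # Methods without a fixed size (group-exchange) are never flagged.
        "client_below_min": [k for k in client
                             if FIXED_GROUP_BITS.get(k, min_dh_bits) < min_dh_bits],
        # The client must offer at least one of these to connect.
        "client_must_offer_one_of": [k for k in server if k not in client],
    }


def report(lines, min_dh_bits=2048):
    """Collect one finding per NO_MATCH line in a debug capture."""
    results = (analyse_no_match(line, min_dh_bits) for line in lines)
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```
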

1 Reply

Marvin Rhoads
Hall of Fame

As far as I know, there's no supported way to do this.