11-11-2023 03:16 PM
I have been trying to establish an SSH connection from my EVE-NG Ubuntu station to an image of a Cisco Version 15.9(3)M6 router and I keep getting the error "no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" on my Ubuntu machine.
Mind you, I have already adjusted the ssh_config file on my Ubuntu workstation with:
"Host 192.168.0.100
KexAlgorithms +diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1"
Also SSH works fine in EVE with my layer 3 Cisco switch image I have. I simply need to add the above text to the ssh_config file on my Ubuntu station (adjusting host IP accordingly). I have used the same ssh configs on both the switch and router.
"hostname device
ip domain name cisco.com
username admin priv 15 password admin
crypto key generate rsa modulus 2048
line vty 0 15
transport input ssh
login local"
show ip ssh output on router:
"SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits"
I have tried adjusting the modulus bits from 1024-4096 but still no luck.
Has anyone experienced a similar issue in EVE-NG? Any further suggestion I could try? I am happy to provide more configs if it would help.
11-11-2023 07:24 PM
@w1993834 As per the error message, your SSH client does not support the KEX proposed by the router. Try enabling the required KEX in your SSH client. Alternatively, use PuTTY with all supported KEX enabled.
03-25-2024 08:32 AM
Looks like you have only adjusted it for host 192.168.0.100. You just need to put * for all the hosts.
03-25-2024 08:45 AM
Ignore the above, as I see you had this done. The ssh_config needs to be adjusted on the Ubuntu machine, which is acting as client to the SSH server. No need to adjust it on the server. Enable ip-ssh version 2
kexAlgorithms +diffie-hellman-group14-sha1
ciphers +aes128-cbc
PublickeyAcceptedAlgorithms +ssh-rsa
HostKeyAlgorithms +ssh-rsa
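The negotiation behind the error in this thread, as an added example that is not part of any post: it parses the "Their offer" list from the client error, applies a `KexAlgorithms +...` value to a client list, and picks the algorithm using a simplified form of the RFC 4253 rule (first client entry the server also offers). `CLIENT_DEFAULTS` is a constructed stand-in for a real client's defaults and all function names are hypothetical; the whitespace check reflects that ssh_config documents the list as comma-separated.

```python
import re

# Constructed stand-in for a modern client's default KEX list (assumption;
# `ssh -Q kex` and `ssh -G <host>` show the real values on a given system).
CLIENT_DEFAULTS = ["curve25519-sha256", "ecdh-sha2-nistp256",
                   "diffie-hellman-group16-sha512",
                   "diffie-hellman-group14-sha256"]

# Error text as quoted in the first post of the thread.
ERROR = ("no matching key exchange method found. Their offer: "
         "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1")


def server_offer(error_line):
    """Extract the server's KEX name-list from the client's error message."""
    m = re.search(r"Their offer:\s*(\S+)", error_line)
    return m.group(1).split(",") if m else []


def effective_kex(value, defaults=CLIENT_DEFAULTS):
    """Apply a KexAlgorithms value: a leading '+' appends, otherwise replaces."""
    value = value.strip()
    if re.search(r"\s", value):
        # The list is documented as comma-separated; flag embedded whitespace.
        raise ValueError("whitespace inside algorithm list: %r" % value)
    names = [n for n in value.lstrip("+").split(",") if n]
    if value.startswith("+"):
        return defaults + [n for n in names if n not in defaults]
    return names


def negotiate(client, server):
    """Simplified RFC 4253 rule: first client algorithm the server also lists."""
    return next((alg for alg in client if alg in server), None)


def diagnose(value, error_line=ERROR):
    """Return (negotiated KEX or None, SHA-1 based algorithms in the offer)."""
    offer = server_offer(error_line)
    chosen = negotiate(effective_kex(value), offer)
    return chosen, [a for a in offer if a.endswith("-sha1")]
```

A `None` result from `negotiate` corresponds to the "no matching key exchange method found" error; the second value returned by `diagnose` lists the SHA-1 based methods that the client would have to re-enable to reach this server.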