Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1697
Views
0
Helpful
1
Replies

Changing diffie-hellman key size on sg500x-48p

TauTech65610
Level 1
Level 1

‎06-11-2020 11:16 AM

Greetings,

 

I've recently been tasked with making some of my servers FIPS-compliant.  In the process I've run into a problem accessing my sg500x-48p switch via SSH.  I get the following error:

 

no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

 

I've searched and found similar issues here and elsewhere which were solved by increasing the size of the  diffie-hellman key used to something like 2048 or 4096 with the cli command `ip ssh dh min size 2048`.  This command doesn't seem to be supported by my switch though, I've searched the CLI manual and can't find an equivalent command.  I've updated my switch to the latest available firmware.  According to cisco the switch is still supported but no longer sold.  Thanks to any who can offer some insight.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Deepak Kumar
VIP Alumni
VIP Alumni

‎06-11-2020 12:21 PM

Hi,

I am not sure about the specific switch but you can change the same "ip ssh server algorithm <>"

 

Are you using any old version of SecureCRT or Putty? Try with an updated version SSH client. 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card