Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2969
Views
0
Helpful
1
Replies

No matching hostkey algorithm found: client ssh-dss server ssh-rsa

lesbia.rosa
Level 1
Level 1

‎12-19-2018 11:36 AM - edited ‎03-03-2019 08:58 AM

Hi there!

 

I got these logs on cisco WS-C6506-E --aggregation device (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(2)SY8, RELEASE SOFTWARE (fc5)--. Can someone help me know what's wrong?

 

Dec 17 18:59:21: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ssh-dss server ssh-rsa
Dec 17 18:59:21: %SSH-3-DH_SIZE: DH public key size > DH group key size(128)
Dec 17 18:59:21: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp256 server ssh-rsa
Dec 17 18:59:22: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ssh-dss server ssh-rsa
Dec 17 18:59:22: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp384 server ssh-rsa
Dec 17 18:59:22: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp521 server ssh-rsa
Dec 17 18:59:22: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ssh-ed25519 server ssh-rsa
Dec 17 18:59:22: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection 
Dec 17 18:59:22: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp256 server ssh-rsa
Dec 17 18:59:23: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp384 server ssh-rsa
Dec 17 18:59:23: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp521 server ssh-rsa
Dec 17 18:59:23: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ssh-ed25519 server ssh-rsa

2 people had this problem
Labels:
0 Helpful
1 Reply 1

Georg Pauwen
VIP
VIP

‎12-21-2018 11:35 AM

Hello,

 

both ecdsa and ed25519 are relatively new encryption standards which are probably not supported by the 6509 (which is a very old switch). Hence the warnings...

 

ecdsa is a Digital Signature Algorithm standarized by the US government, using elliptic curves. Don't ask me what elliptic curves are, but if the government uses it, it is probably a very high encryption level.

 

ed25519 is is a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Thus its use in general purpose applications may not yet be advisable.

 

 

0 Helpful
Customers Also Viewed These Support Documents