cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
709
Views
5
Helpful
3
Replies
Beginner

Cipher error on WS-C2950G-24-EI switch |

Hi Team,

 

im trying to ssh switch but getting below error

 

ssh dduser@XX.XX.XX.XX

Unable to negotiate with 172.19.12.4 port 22: no matching cipher found. Their offer: 3des-cbc

 

if i used below cmd will get access.

ssh -c 3des-cbc dduser@XX.XX.XX.XX 

 

Please let me know this switches (WS-C2950G-24-EI )can support algorithm encryption aes128-cbc ?

 

With 12.1(22)EA13 veersion.

 

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: Cipher error on WS-C2950G-24-EI switch |

Run that command from a host CLI which has nmap installed. Not the switch.

 

cheers,

Seb.

View solution in original post

3 REPLIES 3
Highlighted
VIP Advisor

Re: Cipher error on WS-C2950G-24-EI switch |

Hi there,

The images released for the 2950G are of such a vintage that I doubt these ‘next-generation’ ciphers are available.

 

This document:

https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

 

…dated 2012 recommends replacing 3DES with AES. So it is probably safe to assume the 2950G image builds were not around when Cisco was making this transition.

 

Nmap has a built in script you run against your switches to determine ciphersuite:

nmap --script ssh2-enum-algos -sV -p <port> <host>

 

  

cheers,

Seb.

Highlighted
Beginner

Re: Cipher error on WS-C2950G-24-EI switch |

HI Sep,

 

thanks for the reply... 

 

how do i run below script  on switch ? 

 

nmap --script ssh2-enum-algos -sV -p <port> <host>

 Regards,

Amol

Highlighted
VIP Advisor

Re: Cipher error on WS-C2950G-24-EI switch |

Run that command from a host CLI which has nmap installed. Not the switch.

 

cheers,

Seb.

View solution in original post