10-08-2018 02:04 AM - edited 03-10-2019 01:06 AM
Hi Team,
I'm trying to SSH to the switch but am getting the error below:
ssh dduser@XX.XX.XX.XX
Unable to negotiate with 172.19.12.4 port 22: no matching cipher found. Their offer: 3des-cbc
If I use the command below, I get access.
ssh -c 3des-cbc dduser@XX.XX.XX.XX
Please let me know whether these switches (WS-C2950G-24-EI) can support the encryption algorithm aes128-cbc?
With version 12.1(22)EA13.
10-08-2018 02:28 AM
Hi there,
The images released for the 2950G are of such a vintage that I doubt these ‘next-generation’ ciphers are available.
This document:
https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html
…dated 2012 recommends replacing 3DES with AES. So it is probably safe to assume the 2950G image builds were not around when Cisco was making this transition.
Nmap has a built-in script you can run against your switches to determine the cipher suite:
nmap --script ssh2-enum-algos -sV -p <port> <host>
cheers,
Seb.
10-08-2018 02:41 AM
Hi Seb,
Thanks for the reply...
How do I run the script below on the switch?
nmap --script ssh2-enum-algos -sV -p <port> <host>
Regards,
Amol
10-08-2018 02:45 AM
Run that command from a host CLI which has nmap installed. Not the switch.
cheers,
Seb.
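An added example, not part of any post in this thread: the offer quoted in the client error ("Their offer: 3des-cbc"), which is also what nmap's ssh2-enum-algos script reports, is carried in the server's SSH_MSG_KEXINIT message. The Python below parses such a payload and applies the RFC 4253 selection rule; the sample payload (apart from the 3des-cbc offer) and the client preference list are constructed assumptions.

```python
import struct

FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def name_list(buf, off):
    """Read one RFC 4251 name-list: uint32 length, then comma-separated ASCII."""
    if off + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, off)
    raw = buf[off + 4:off + 4 + n]
    if len(raw) != n:
        raise ValueError("truncated name-list")
    return (raw.decode("ascii").split(",") if n else []), off + 4 + n

def parse_kexinit(payload):
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}  # skip 1-byte message type and 16-byte cookie
    for field in FIELDS:
        out[field], off = name_list(payload, off)
    return out

def pick_cipher(client_prefs, server_offer):
    """RFC 4253 rule: first name on the client's list that the server also offers."""
    return next((c for c in client_prefs if c in server_offer), None)

def build_kexinit(lists):
    """Encode a KEXINIT payload; used only to construct the sample below."""
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(l).encode("ascii") for l in lists))
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

# Constructed sample: only the cipher offer (3des-cbc) comes from the thread's error.
SAMPLE = build_kexinit([
    ["diffie-hellman-group1-sha1"], ["ssh-rsa"],
    ["3des-cbc"], ["3des-cbc"], ["hmac-sha1"], ["hmac-sha1"],
    ["none"], ["none"], [], []])

# Assumed client preference list without legacy CBC ciphers (not a real client's defaults).
MODERN_CLIENT = ["aes128-ctr", "aes256-ctr", "aes128-gcm@openssh.com"]

if __name__ == "__main__":
    offer = parse_kexinit(SAMPLE)["enc_s2c"]
    print("server offers:", offer)
    print("default client ->", pick_cipher(MODERN_CLIENT, offer))
    print("with -c 3des-cbc ->", pick_cipher(["3des-cbc"], offer))
```

An empty result from `pick_cipher` corresponds to the "no matching cipher found" error; passing `-c 3des-cbc` puts the server's only offer on the client's list, so negotiation succeeds with the legacy cipher.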