10-08-2018 02:04 AM - edited 03-10-2019 01:06 AM
Hi Team,
I'm trying to SSH to a switch but am getting the below error:
ssh dduser@XX.XX.XX.XX
Unable to negotiate with 172.19.12.4 port 22: no matching cipher found. Their offer: 3des-cbc
If I use the below command, I get access:
ssh -c 3des-cbc dduser@XX.XX.XX.XX
Please let me know whether this switch (WS-C2950G-24-EI) can support the encryption algorithm aes128-cbc?
With version 12.1(22)EA13.
10-08-2018 02:28 AM
Hi there,
The images released for the 2950G are of such a vintage that I doubt these ‘next-generation’ ciphers are available.
This document:
https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html
…dated 2012 recommends replacing 3DES with AES. So it is probably safe to assume the 2950G image builds were not around when Cisco was making this transition.
Nmap has a built-in script you can run against your switches to determine the cipher suite:
nmap --script ssh2-enum-algos -sV -p <port> <host>
cheers,
Seb.
10-08-2018 02:41 AM
Hi Seb,
Thanks for the reply...
How do I run the below script on the switch?
nmap --script ssh2-enum-algos -sV -p <port> <host>
Regards,
Amol
10-08-2018 02:45 AM
Run that command from a host CLI which has nmap installed. Not the switch.
cheers,
Seb.
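As an added example (not part of the thread, and not Cisco or Nmap code), the script below parses the text output of the ssh2-enum-algos scan suggested above and reports whether aes128-cbc is offered. The sample output is constructed; only the 3des-cbc cipher offer comes from the error message in the original post, and the function names are illustrative.

```python
import re

# Constructed sample of `nmap --script ssh2-enum-algos` text output. Only the
# 3des-cbc cipher offer comes from the thread; every other value is made up.
SAMPLE = """\
PORT   STATE SERVICE
22/tcp open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (1)
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (1)
|       ssh-rsa
|   encryption_algorithms: (1)
|       3des-cbc
|   mac_algorithms: (2)
|       hmac-sha1
|       hmac-md5
|   compression_algorithms: (1)
|_      none
"""

def parse_enum_algos(text):
    """Return {category: [algorithm, ...]} from ssh2-enum-algos output."""
    algos, current = {}, None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # port table and other non-script lines
        body = line.lstrip("|_").strip()
        header = re.fullmatch(r"(\w+_algorithms): \(\d+\)", body)
        if header:
            current = header.group(1)
            algos[current] = []
        elif current and body and " " not in body:
            algos[current].append(body)
    return algos

def audit(algos, wanted="aes128-cbc"):
    """Summarise the server's cipher offer against the cipher we want."""
    ciphers = algos.get("encryption_algorithms", [])
    return {
        "offers_wanted": wanted in ciphers,
        "aes_ciphers": [c for c in ciphers if c.startswith("aes")],
        "only_3des": bool(ciphers) and all(c.startswith("3des") for c in ciphers),
    }

if __name__ == "__main__":
    print(audit(parse_enum_algos(SAMPLE)))
```

Save the scan output from the host running nmap to a file and pass its contents to `parse_enum_algos` in place of `SAMPLE`.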