cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1904
Views
5
Helpful
2
Replies

Cisco ir829 - No matching kex algorithm found

Jon Are Endrerud
Beginner
Beginner

Hello

 

Trying to pickup files with scp from Cisco I829 with fw (ir800-universalk9-mz.SPA.159-3.M2a).

R241#show ip ssh 
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits

To a ubuntu host with defined algorithms:

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org

I get:

%SSH-3-NO_MATCH: No matching kex algorithm found: client diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 server curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

Can anyone help me with this problem ?

 

SSH from the ubuntu to router gives the same error.

 

Regards 

Jon

 

Please rate as helpful, if that would be the case. Thanx
2 Replies 2

Giuseppe Larosa
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

Hello Jon,

I think you need to modify the configuration file of sshd process on the Ubuntu box to add some algorithms supported by the Cisco IR829 router. Look for documentation in Ubuntu to find where the config file is and edit it and restart sshd process.

 

Hope to help

Giuseppe

 

Have tried this, and as far as I can see they match up. Using the same algoritm with SecureCRT. Will check with linux community.

Thank you.

Please rate as helpful, if that would be the case. Thanx
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers