Re: c9300 can't SSH to other device after upgrade to IOS-XE 17

Ethan and Mia · ‎01-23-2021

Hi , I have some issue after upgrade the switch firmware to IOs-XE17

Before upgrade normally SSH to other devices

detail configuration as simple

all devices configuration as detal beloew

no aaa new model

hostname xxx

ip do mainname xxx

cryto key gen rsa 1024

line vty x x

transport input ssh

login local

Butt after running to new OS when SSH to other device system warning

SwitchC9300#ssh 10.10.10.10
[Connection to 10.10.10.10 aborted: error status 0]
SwitchC9300#
Jan 23 : %SSH-3-NO_MATCH: No matching mac found: client hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512 server hmac-sha1,hmac-sha1-96

Karsten Iwen · ‎01-23-2021

The device you are trying to connect to only has legacy MACs configured. You switch only uses more modern ones. You have to reconfigure the SSH-settings on the server to something "better".

And for your switch-config (RSA 1024 is for the last century) you can look at my SSH-Guide:
https://community.cisco.com/t5/security-documents/guide-to-better-ssh-security/ta-p/3133344

balaji.bandi · ‎01-23-2021

DH expected 2048

Follow the below guide and configure right MAC

https://mwhubbard.blogspot.com/2020/06/disable-weak-sshssl-ciphers-in-cisco-ios.html

https://community.cisco.com/t5/security-documents/guide-to-better-ssh-security/ta-p/3133344

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help