09-01-2016 06:10 PM - edited 03-08-2019 07:16 AM
We have a Catalyst 4506 switch with Supervisor IV model WS-X4515, ROM version 12.2(20r)EW1, IOS version 12.2(52)SG.
When connecting to this unit via SSH for administration from Linux (e.g. Fedora 24, OpenSSH v7.2p2), the connection fails with the message:
no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
We can connect successfully with SSH command line option:
-oKexAlgorithms=+diffie-hellman-group1-sha1
Can the switch be configured to use a stronger key exchange algorithm? If not, is it due to hardware limitation? Are stronger algorithms supported by newer IOS versions?
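An added example, not part of the original post: the workaround above can be confined to the hosts that need it instead of being passed on every command line or enabled for all hosts. The sketch parses the OpenSSH negotiation-failure message and emits per-host ssh_config blocks; the sample lines, addresses, and function names are constructed for illustration.

```python
import re

# Key-exchange methods this example treats as legacy opt-ins. Only the one
# named in the thread is listed; extend the set for your own environment.
LEGACY_KEX = {"diffie-hellman-group1-sha1"}

# The OpenSSH client's negotiation failure, as quoted in the post, with the
# "Unable to negotiate with <host> port <n>:" prefix that ssh prints.
FAILURE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching key exchange method found\. Their offer: (?P<offer>\S+)"
)

def parse_failures(lines):
    """Map host -> list of key-exchange methods the server offered."""
    offers = {}
    for line in lines:
        m = FAILURE.search(line)
        if m:
            offers[m.group("host")] = m.group("offer").split(",")
    return offers

def host_blocks(offers):
    """Build ssh_config Host blocks enabling only the legacy methods each host needs."""
    blocks = []
    for host in sorted(offers):
        needed = [k for k in offers[host] if k in LEGACY_KEX]
        if not needed:
            continue  # nothing in the offer that we are willing to opt in to
        blocks.append(f"Host {host}\n    KexAlgorithms +{','.join(needed)}\n")
    return "".join(blocks)

# Constructed sample client output (addresses from a documentation range).
SAMPLE = [
    "Unable to negotiate with 192.0.2.10 port 22: no matching key exchange "
    "method found. Their offer: diffie-hellman-group1-sha1",
    "Unable to negotiate with 192.0.2.11 port 22: no matching key exchange "
    "method found. Their offer: some-unlisted-kex,diffie-hellman-group1-sha1",
    "Unable to negotiate with 192.0.2.13 port 22: no matching key exchange "
    "method found. Their offer: some-unlisted-kex",
    "Connection to 192.0.2.12 closed.",
]

if __name__ == "__main__":
    print(host_blocks(parse_failures(SAMPLE)), end="")
```

The generated blocks go in `~/.ssh/config`, so every other host keeps the client's default key-exchange list.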
11-08-2016 06:15 AM
We have the same problem. We are using SecureCRT with SSH2 to manage the Catalyst 4500 and the Catalyst 6500 switches.
The CAT4500 switches are with Sup IV (4506) and Sup V (4510). We are using IOS version 15.0(2)SG10.
The CAT 6500 switches are with Sup32 and the IOS version is 12.2(33)SXI14.
SecureCRT gives the following answer:
Key exchange failed.
No compatible key-exchange method. The server supports these methods: diffie-hellman
The diffie-hellman key-exchange method is off by default to address the Logjam
vulnerability. It can be turned on in the Sessions Options dialog in the
Connection/SSH2 category in order to connect to servers that only support
diffie-hellman.
By switching the diffie-hellman key exchange to on we can manage the switch, but can the cat4500 and/or the cat6500 switch have a stronger key exchange?
04-24-2018 09:41 PM - edited 04-24-2018 09:42 PM
I found it on an 1841 with Version 12.4(19). From which version onward is there no need to edit SecureCRT?
Thank you very much.