Change cipher in switch

Leftz · ‎07-29-2022

Hi We have switch CISCO2921/K9. I am going to add commands as below. but do not know why it cannot be added into. Is this switch version issue or something else? There is " ^ " error under client and server when adding the command Thank you

ip ssh client algorithm encryption aes256-ctr aes192-ctr aes128-ctr
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr

MHM Cisco World · ‎07-29-2022

do you config RSA key and domain ?

double check these steps

https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

Georg Pauwen · ‎07-29-2022

Hello,

where is the '^' error ? What do you get after:

Router(config)#ip ssh client algorithm encryption ?

Leftz · ‎07-29-2022

Thanks for your reply. Please see the below

and i also added command " crypto key generate rsa" and domain already exists

MHM Cisco World · ‎07-29-2022

ip ssh <<- this first
ip ssh client algorithm
ip ssh server algorithm

Leftz · ‎07-29-2022

a1(config)#ip ssh
% Incomplete command.

a1(config)#ip ssh client
a1(config)#ip ssh client ?
% Unrecognized command

Is this what you mean? thanks

MHM Cisco World · ‎07-29-2022

"""If your SSH configuration commands are rejected as illegal commands, you have not successfully generated an RSA key pair for your router. Make sure that you have specified a hostname and domain. Then use the crypto key generate rsacommand to generate an RSA key pair and enable the SSH server."""

Georg Pauwen · ‎07-29-2022

Hello,

can you post the output of:

sh ver

sh run

Leftz · ‎07-29-2022

I can post version, but not running. and i will check ssh again. thanks

config)#do show ver
NJ4050V2911A01(config)#do show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 20-Jun-13 13:06 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

NJ4050V2911A01 uptime is 16 weeks, 5 days, 10 hours, 54 minutes
System returned to ROM by power-on
System restarted at 06:06:24 UTC Sun Apr 3 2022
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: power-on

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2921/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FTX
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2921/K9 F

Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc None None None
data None None None

Configuration register is 0x2102