Cisco WS-C2960X-48FPS-L - Key exchange algorithms

RS19 · ‎01-25-2024

I wanted to know whether Cisco WS-C2960X-48FPS-L with IOS 15.2(6) E2 supports any of the below

Key exchange algorithms:

curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256

In the switch when I did show ip ssh, I got the below output. So wanted to understand if any of the above is supported.
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): abc.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbfyQ/fF6GhVNhvqPsPpJXIt7utjxRkHV21FtZlJr0
v9JTbRA67vrPtPai011425N+wU+vAm2Xl70mPAm+A/JEuNnSn0Tz/tJWrSCJaZ9IK+j/ZZ5z9WqXJMQi
b+UiXc/V0+uScuLDhf2bxaeaNaksx4dJezPiNssdvri3jnfsrQ==

RS19 · ‎01-25-2024

any help

RS19 · ‎01-28-2024

any help on this ?

liviu.gheorghe · ‎01-29-2024

Hello @RS19 ,

it seems that in IOS 15 you only have these options:

(config)#ip ssh client algorithm kex ?
diffie-hellman-group-exchange-sha1 DH_GRPX_SHA1 diffie-hellman key exchange algorithm
diffie-hellman-group14-sha1 DH_GRP14_SHA1 diffie-hellman key exchange algorithm

Hope it helps.

Regards, LG
*** Please Rate All Helpful Responses ***

RS19 · ‎01-30-2024

which model switch you tested the above ?