10-20-2021 09:18 PM
Hi All,
I would like to disable some weak ciphers on Cisco 2960 / 4506, but there seem to be no command(s) for removing such ciphers (e.g. ip ssh server algorithm encryption XXX). Could anyone kindly help me on this? Thanks so much.
Model: WS-C2960+24TC-L
OS: 15.0(2)SE11 ( c2960-lanbasek9-mz.150-2.SE11.bin )
Model: WS-C4506-E
OS: 15.0(2)SG7 ( cat4500-entservicesk9-mz.150-2.SG7.bin )
Switch(config)#ip ssh server ?
% Unrecognized command
10-20-2021 10:26 PM - edited 10-20-2021 10:26 PM
If the IOS device is running at least 15.5(2), then it's possible to disable unwanted algorithms. In security audits, all CBC ciphers are often a problem.
https://community.cisco.com/t5/security-documents/guide-to-better-ssh-security/ta-p/3133344
10-20-2021 10:43 PM
Dear pman,
Referring to the post, there is a command "ip ssh server algorithm encryption XXX" in IOS, but this command could not be found on my Cisco Catalyst 2960 & 4506. I am not sure if it is related to the IOS version or the model.
10-20-2021 11:01 PM - edited 10-20-2021 11:02 PM
Hope this helps a bit,
Table 1: Feature Information for SSH Algorithms for Common Criteria Certification
Feature Name | Releases | Feature Information
SSH Algorithms for Common Criteria Certification | Cisco IOS 15.5(2)T, Cisco IOS 15.5(2)S | The SSH Algorithms for Common Criteria Certification feature provides the list and order of the algorithms that are allowed for Common Criteria Certification. This module describes how to configure the encryption, Message Authentication Code (MAC), and host key algorithms for a secure shell (SSH) server and client so that SSH connections can be limited on the basis of the allowed algorithms list. The following commands were introduced by this feature: ip ssh {server | client} algorithm encryption, ip ssh {server | client} algorithm mac.
10-20-2021 11:28 PM
Dear pman,
Thanks for reply.
But I tried the command on the switch and it fails as below; I am not sure if it is related to the IOS version or the model.
Test Result
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip ssh server ?
% Unrecognized command
Switch(config)#ip ssh ?
authentication-retries Specify number of authentication retries
break-string break-string
dh Diffie-Hellman
dscp IP DSCP value for SSH traffic
logging Configure logging for SSH
maxstartups Maximum concurrent sessions allowed
port Starting (or only) Port number to listen on
precedence IP Precedence value for SSH traffic
pubkey-chain pubkey-chain
rekey Configure rekey values
rsa Configure RSA keypair name for SSH
source-interface Specify interface for source address in SSH connections
stricthostkeycheck Enable SSH Server Authentication
time-out Specify SSH time-out interval
version Specify protocol version to be supported
Switch(config)#end
10-20-2021 11:37 PM
Ok, on what switch are you trying this? (2K or 4K)
Can you post the below output:
show version
show ip ssh
10-21-2021 12:03 AM
Hi,
I have 2 switches, a Cisco Catalyst 2960 & 4506, and the CLI output is as below. Thanks for your help.
Cisco 2960
Switch#show version
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Sat 19-Aug-17 09:34 by prod_rel_team
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 15.0(2r)EZ1, RELEASE SOFTWARE (fc1)
Switch uptime is 16 weeks, 2 days, 6 hours, 16 minutes
System returned to ROM by power-on
System restarted at 08:38:00 HK Tue Jun 29 2021
System image file is "flash:/c2960-lanbasek9-mz.150-2.SE11/c2960-lanbasek9-mz.150-2.SE11.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco WS-C2960+24TC-L (PowerPC405) processor (revision B0) with 131072K bytes of memory.
Processor board ID XXX
Last reset from power-on
2 Virtual Ethernet interfaces
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : XXX
Motherboard assembly number : XXX
Power supply part number : XXX
Motherboard serial number : XXX
Power supply serial number : XXX
Model revision number : B0
Motherboard revision number : B0
Model number : WS-C2960+24TC-L
System serial number : XXX
Top Assembly Part Number : XXX
Top Assembly Revision Number : C0
Version ID : V01
CLEI Code Number : XXX
Hardware Board Revision Number : 0x0B
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C2960+24TC-L 15.0(2)SE11 C2960-LANBASEK9-M
Configuration register is 0xF
Switch#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa XXX
Cisco 4506
Switch#show version
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICESK9-M), Version 15.0(2)SG7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 01-May-13 18:06 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x123AB54C
ROM: 12.2(31r)SGA2
Dagobah Revision 226, Swamp Revision 34
npdm2rtc01 uptime is 1 year, 13 weeks, 5 days, 13 hours, 44 minutes
System returned to ROM by reload
System restarted at 01:13:24 HK Fri Jul 17 2020
System image file is "bootflash:/cat4500-entservicesk9-mz.150-2.SG7.bin"
Last reload reason: Reload command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco WS-C4506-E (MPC8245) processor (revision 4) with 524288K bytes of memory.
Processor board ID XXX
MPC8245 CPU at 400Mhz, Supervisor V
Last reset from Reload
83 Virtual Ethernet interfaces
26 Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x2102
Switch#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
10-21-2021 08:13 PM
Could anyone kindly help on this? Thanks so much.
10-21-2021 09:50 PM
Looks like your version has a limitation; check the below:
10-21-2021 09:58 PM - edited 10-21-2021 10:01 PM
Hi,
As I mentioned above, including a quote of the version.
Your version does not support this feature.
Feature Name | Releases | Feature Information
SSH Algorithms for Common Criteria Certification | Cisco IOS 15.5(2)T, Cisco IOS 15.5(2)S | The SSH Algorithms for Common Criteria Certification feature provides the list and order of the algorithms that are allowed for Common Criteria Certification. This module describes how to configure the encryption, Message Authentication Code (MAC), and host key algorithms for a secure shell (SSH) server and client so that SSH connections can be limited on the basis of the allowed algorithms list. The following commands were introduced by this feature: ip ssh {server | client} algorithm encryption, ip ssh {server | client} algorithm mac.
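Added example (not from the thread or from Cisco): a small Python audit that applies the 15.5(2) threshold from the feature table to pasted "show version" / "show ip ssh" output, so a defender can tell which switches can restrict ciphers at all and which still advertise a 1024-bit DH minimum. The sample strings are excerpts modelled on the output posted earlier in this thread; the remediation commands named in the findings ("ip ssh version 2", "ip ssh dh min size 2048") are standard IOS commands that the thread itself does not list.

```python
import re

# Per the feature table in this thread, 'ip ssh {server|client} algorithm encryption|mac'
# arrived in Cisco IOS 15.5(2)T / 15.5(2)S; releases below 15.5(2) lack the command.
# Comparing (major, minor, maintenance) is a simplification that ignores the train letter.
MIN_ALGO_VERSION = (15, 5, 2)

VERSION_RE = re.compile(r"Version (\d+)\.(\d+)\((\d+)\)([A-Za-z0-9]*)")
DH_RE = re.compile(r"Diffie Hellman key size\s*:\s*(\d+) bits")

# Constructed excerpts modelled on the 'show version' / 'show ip ssh' output posted above.
SHOW_VERSION_2960 = "Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3)"
SHOW_IP_SSH_2960 = """SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits"""
SHOW_VERSION_4506 = "Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICESK9-M), Version 15.0(2)SG7, RELEASE SOFTWARE (fc2)"
SHOW_IP_SSH_4506 = """SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3"""


def parse_ios_version(show_version):
    """Return (major, minor, maintenance, train) parsed from 'show version' text."""
    m = VERSION_RE.search(show_version)
    if not m:
        raise ValueError("no IOS version string found")
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def supports_ssh_algorithm_config(show_version):
    """True when the release is new enough to carry 'ip ssh server algorithm ...'."""
    major, minor, maint, _train = parse_ios_version(show_version)
    return (major, minor, maint) >= MIN_ALGO_VERSION


def audit_ssh(show_version, show_ip_ssh):
    """Collect SSH hardening findings for one device from its two CLI outputs."""
    findings = []
    if not supports_ssh_algorithm_config(show_version):
        findings.append("cannot restrict ciphers/MACs: needs IOS >= 15.5(2)")
    if "SSH Enabled - version 2.0" not in show_ip_ssh:
        findings.append("SSH not pinned to v2: configure 'ip ssh version 2'")
    dh = DH_RE.search(show_ip_ssh)  # line is absent on some platforms, so guard for None
    if dh and int(dh.group(1)) < 2048:
        findings.append("DH minimum %s bits: raise with 'ip ssh dh min size 2048'" % dh.group(1))
    return findings


if __name__ == "__main__":
    for name, sv, ss in (("2960", SHOW_VERSION_2960, SHOW_IP_SSH_2960),
                         ("4506", SHOW_VERSION_4506, SHOW_IP_SSH_4506)):
        print(name, audit_ssh(sv, ss) or ["no findings"])
```

Paste each device's real output into the two string constants to run the same check across a fleet before planning upgrades.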
10-24-2021 06:58 PM
Hi,
Thanks for your information.