
DSS/DSA SSH client from IOS 4010 possible?

bnidacoc
Level 1


I've been trying to SSH to a non-Cisco device physically remote from me. This device seems to have lost its default gateway. We used to be able to reach it remotely via HTTP. I'm trying to SSH to it from a local router.

From the local IE 4010 running 15.2(8)E1, I can establish local IP connectivity, using ICMP. The device doesn't answer telnet. SSH from the 4010 is able to start communication with it, however the application connection never fully completes establishment.

I debugged the client from the 4010; below is what I've got.


Dec 13 10:14:59.040: SSH CLIENT0: protocol version id is - SSH-2.0-Mocana SSH
Dec 13 10:14:59.040: SSH CLIENT0: sent protocol version id SSH-1.99-Cisco-1.25
Dec 13 10:14:59.040: SSH CLIENT0: protocol version exchange successful
Dec 13 10:14:59.040: SSH2 CLIENT 0: kexinit sent: kex algo = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Dec 13 10:14:59.040: SSH2 CLIENT 0: kexinit sent: encryption algo = aes128-ctr,aes192-ctr,aes256-ctr
Dec 13 10:14:59.040: SSH2 CLIENT 0: kexinit sent: mac algo = hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
Dec 13 10:14:59.040: SSH2 CLIENT 0: send:packet of length 312 (length also includes padlen of 4)
Dec 13 10:14:59.040: SSH2 CLIENT 0: SSH2_MSG_KEXINIT sent
Dec 13 10:14:59.043: SSH2 CLIENT 0: ssh_receive: 416 bytes received
Dec 13 10:14:59.043: SSH2 CLIENT 0: input: total packet length of 416 bytes
Dec 13 10:14:59.043: SSH2 CLIENT 0: partial packet length(block size)8 bytes,needed 408 bytes,
maclen 0
Dec 13 10:14:59.043: SSH2 CLIENT 0: input: padlength 5 bytes
Dec 13 10:14:59.043: SSH2 CLIENT 0: SSH2_MSG_KEXINIT received
Dec 13 10:14:59.043: SSH2 CLIENT 0: kex: server->client enc:aes128-ctr mac:hmac-sha1
Dec 13 10:14:59.043: SSH2 CLIENT 0: kex: client->server enc:aes128-ctr mac:hmac-sha1
Dec 13 10:14:59.043: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ssh-rsa server ssh-dss
Dec 13 10:14:59.043: SSH CLIENT0: key exchange failure (code = 0)

"client ssh-rsa server ssh-dss"

It appears to me that this remote device only supports dss (same as DSA???). If that appearance is correct, I've tried to uncover allowing/configuring an SSH client session from the 4010 to use dsa. I've not found a way.

I've found that NX-OS and some remote access routers work with dsa, but IOS on a 4010 seems to be another thing.

Can anyone confirm that dsa (dss) on an IOS 4010 is just not possible at this time? If it is, can you point me in the proper direction?

Thanks.
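
The negotiation failure in the debug output above, as an added example that is not part of the original post: Python that parses the IOS debug lines quoted in the post and rechecks the host key step with the selection rule from RFC 4253 section 7.1. The function names are hypothetical, and the rule is simplified to plain list intersection; `ssh-dss` is the SSH protocol name for DSA host keys (RFC 4253 section 6.6).

```python
import re

# Debug lines copied from the post above (subset of the quoted output).
DEBUG_LOG = """\
Dec 13 10:14:59.040: SSH2 CLIENT 0: kexinit sent: kex algo = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Dec 13 10:14:59.040: SSH2 CLIENT 0: kexinit sent: encryption algo = aes128-ctr,aes192-ctr,aes256-ctr
Dec 13 10:14:59.040: SSH2 CLIENT 0: kexinit sent: mac algo = hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
Dec 13 10:14:59.043: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ssh-rsa server ssh-dss
Dec 13 10:14:59.043: SSH CLIENT0: key exchange failure (code = 0)
"""

SENT_RE = re.compile(r"kexinit sent: (kex|encryption|mac) algo = (\S+)")
NO_MATCH_RE = re.compile(
    r"%SSH-3-NO_MATCH: No matching (\w+) algorithm found: client (\S+) server (\S+)")


def negotiate(client, server):
    """RFC 4253 section 7.1, simplified: pick the first name on the client's
    list that the server also lists. None means key exchange cannot proceed."""
    return next((name for name in client if name in server), None)


def parse_debug(text):
    """Return (algorithm lists the client sent, negotiation failures logged)."""
    offers, failures = {}, []
    for line in text.splitlines():
        if m := SENT_RE.search(line):
            offers[m.group(1)] = m.group(2).split(",")
        elif m := NO_MATCH_RE.search(line):
            kind, client, server = m.groups()
            failures.append((kind, client.split(","), server.split(",")))
    return offers, failures


def explain(text):
    """One summary line per logged failure, rechecked with negotiate()."""
    _, failures = parse_debug(text)
    out = []
    for kind, client, server in failures:
        chosen = negotiate(client, server)
        out.append(f"{kind}: client={client} server={server} -> "
                   f"{chosen or 'no common algorithm'}")
    return out


if __name__ == "__main__":
    print("\n".join(explain(DEBUG_LOG)))
```

The cipher and MAC categories in the log did negotiate (aes128-ctr, hmac-sha1); only the host key category has an empty intersection, which is what ends the key exchange.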
