08-17-2018 09:58 AM - edited 03-08-2019 03:56 PM
So today I had an SSH session going to my ISR 3925 SEC/K9 running IOS version 15.7 and I suddenly lost the connection. When I tried to reconnect I received the error in Putty stating that the connection was refused. I quickly obtained a console connection to the device and this log message was logging consistently to the console.
%SSH-3-NO_MATCH: No matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr
After re establishing console access to the device I have tested the ssh via a remote site and testing completed successfully.
I am the only one who is trying to connect to the device that I am aware of. This log message is awfully troubling to me, any ideas?
08-17-2018 10:17 AM
Hi,
Did you recently upgrade the IOS on this router? In some platforms, after an upgrade, SSH becomes unusable and so you have to redo the SSH key to get it working again.
HTH
08-17-2018 10:18 AM
08-17-2018 11:07 AM
Thanks for the advise Reza.
I did regenerate the RSA keys and power cycled the router, this did not help. I Disabled SSH as an access protocol on the the vty line. The logs are clean now but obviously I do not have remote access to the unit over ssh.
08-17-2018 11:30 AM - edited 08-17-2018 11:30 AM
Hi,
This may be a bug. The only thing I could find is a similar bug but associated with the 7ks and not your platform. Open a ticket with TAC and send them the logs. This may be a known issue.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut72659/?rfs=iqvred
HTH
05-01-2019 11:16 AM
I apologize in advance for resurrecting a dead thread..
The issue is that PuTTY is attempting to use block-chaining (aes128-cbc) whereas the IOS router is configured to only accept counter mode (aes128-ctr).
Either:
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr aes256-cbc aes192-cbc aes128-cbc
ssh -c aes128-ctr username@host
Hopefully that helps.
Cheers
09-27-2019 04:49 AM - edited 09-27-2019 04:51 AM
Hi Guys,
Take in place the configuration below:
ip ssh server algorithm encryption aes128-cbc 3des-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr
It worked for me.
IOS Version 15.0(1r)M12 - Router CISCO1905/K9.
10-16-2019 01:22 AM
09-27-2019 06:41 AM
Thanks for the insight. I will look into this one and keep you posted.
05-05-2020 06:01 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide