Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
53449
Views
36
Helpful
5
Replies

ssh error message "CBC Ciphers got moved out of default config"

Go to solution
ruslan932
Level 1
Level 1

‎06-06-2019 05:41 AM

Hello,

 

i have a new 3650 Switch and when i using ssh i got "%SSH: CBC Ciphers got moved out of default config. Please configure ciphers as required(to match peer ciphers)
[Connection to 10.1.33.3 aborted: error status 0]".

 

 

is there anyone face such issue?

7 people had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni

‎06-06-2019 05:45 AM - edited ‎06-06-2019 05:46 AM

@ruslan932 hello,

try run it: sw(config): crypto key generate rsa modulus 2048 and test again.

Jaderson Pessoa
*** Rate All Helpful Responses ***

View solution in original post

0 Helpful

Go to solution
ruslan932
Level 1
Level 1
In response to Jaderson Pessoa

‎06-06-2019 06:46 AM

Hi!

Command(only) crypto key generate rsa modulus 2048 is not enough.

 

Solution: using also this command:

 

Switch(config)#ip ssh client algorithm encryption ?
3des-cbc Three-key 3DES in CBC mode
aes128-cbc AES with 128-bit key in CBC mode
aes128-ctr AES with 128-bit key in CTR mode
aes192-cbc AES with 192-bit key in CBC mode
aes192-ctr AES with 192-bit key in CTR mode
aes256-cbc AES with 256-bit key in CBC mode
aes256-ctr AES with 256-bit key in CTR mode

 

Thanks for your attention!

View solution in original post

5 Replies 5

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni

‎06-06-2019 05:45 AM - edited ‎06-06-2019 05:46 AM

@ruslan932 hello,

try run it: sw(config): crypto key generate rsa modulus 2048 and test again.

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
ruslan932
Level 1
Level 1
In response to Jaderson Pessoa

‎06-06-2019 06:46 AM

Hi!

Command(only) crypto key generate rsa modulus 2048 is not enough.

 

Solution: using also this command:

 

Switch(config)#ip ssh client algorithm encryption ?
3des-cbc Three-key 3DES in CBC mode
aes128-cbc AES with 128-bit key in CBC mode
aes128-ctr AES with 128-bit key in CTR mode
aes192-cbc AES with 192-bit key in CBC mode
aes192-ctr AES with 192-bit key in CTR mode
aes256-cbc AES with 256-bit key in CBC mode
aes256-ctr AES with 256-bit key in CTR mode

 

Thanks for your attention!

Go to solution
Ricky S
Level 3
Level 3
In response to ruslan932

‎08-14-2020 08:16 AM

Thanks. This solved my problem also.
0 Helpful

Go to solution
it_sa
Level 1
Level 1
In response to ruslan932

‎01-18-2021 01:46 AM

I've got this problem after upgrade router 2951/K9 from 15.1(4)M1 to 15.7(3)M7.

I've fixed the problem as described upper by the command :

ip ssh client algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr

@ruslan932 , thank you!!!

Go to solution
VimalDhasmana9182
Level 1
Level 1
In response to Jaderson Pessoa

‎06-24-2020 09:57 PM - edited ‎06-24-2020 09:58 PM

getting below error while taking ssh session- device (Cisco 3650)

 

%SSH: CBC Ciphers got moved out of default config. Please configure ciphers as required(to match peer ciphers)
[Connection to 10.139.xx.xx aborted: error status 0]

 

Issued below command, but still getting same error

( config)#crypto key generate rsa modulus 2048 

 

 

 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card