cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

27562
Views
40
Helpful
11
Replies
Beginner

SSH error message "No matching ciphers found"

Hello,

 

i have a new 3850 Switch and i configured ip ssh ver 2 and all ssh commands but when i access the switch using ssh i got "No matching ciphers found. Client (x.x.x.x) supported ciphers :  aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se .Server supported ciphers : aes128-ctr​".

 

"%SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with minimum configured DH key on server​" log on switch

Also got " No compatible Cipher. The server supports these ciphers:aes128-ctr,aes192-ctr,aes256-ctr" message on my secureCRT

 

is there anyone face such issue.

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Expert

Re: SSH error message "No matching ciphers found"

Hi,

What is the output of "sh ip ssh"?

Also, what client software are you using to access the switch?

HTH

Beginner

Re: SSH error message "No matching ciphers found"

to solve this issue we must use SecureCRT new versions not old Versions.

11 REPLIES 11
VIP Expert

Re: SSH error message "No matching ciphers found"

Hi,

What is the output of "sh ip ssh"?

Also, what client software are you using to access the switch?

HTH

Beginner

Re: SSH error message "No matching ciphers found"

from butty SSH working fine but from SecureCRT not connected.

 

Kindly find the show ip ssh output as well as the running software version.

SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-2720490143
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsDLwcXA1SG739xRLLHmDOXMHsj5ObbH4zB1CWcJ2A
k5RVaeutE5koSvNN0QKI3grLJSL4R3elWleLra+kV+Ys0fUwlO9T1dU72nMhLLXi6ojs0YCrxDdtn1xj
9SdRyg/fvxGxaQb6dVMzAPo7X5qA95IIp7fY+RV5bGZ5b3mcLbh8z2ceBhO4gj3kvQjpg8a4HDmrh+kb
y+mdBEHvKgYXuLgSolzlveqznPnhmxQUg8cBTPBQCMUNuwsYZkW8EQnQz5GfePvhrQC0D3RafJiMgg4i
bmlpNTU3A21ObYTJyht2LsH8LDLc+nmiehUl1TbVSLRyBMx1kg57TucWLzpN


Cisco IOS XE Software, Version 16.06.02

WS-C3850-48P?


the client use Secure CRT


Beginner

Re: SSH error message "No matching ciphers found"

From putty SSH working fine but from SecureCRT No

 

Kindly find the show ip ssh output as well as the running software version. 
 
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-2720490143
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsDLwcXA1SG739xRLLHmDOXMHsj5ObbH4zB1CWcJ2A
k5RVaeutE5koSvNN0QKI3grLJSL4R3elWleLra+kV+Ys0fUwlO9T1dU72nMhLLXi6ojs0YCrxDdtn1xj
9SdRyg/fvxGxaQb6dVMzAPo7X5qA95IIp7fY+RV5bGZ5b3mcLbh8z2ceBhO4gj3kvQjpg8a4HDmrh+kb
y+mdBEHvKgYXuLgSolzlveqznPnhmxQUg8cBTPBQCMUNuwsYZkW8EQnQz5GfePvhrQC0D3RafJiMgg4i
bmlpNTU3A21ObYTJyht2LsH8LDLc+nmiehUl1TbVSLRyBMx1kg57TucWLzpN                    


Cisco IOS XE Software, Version 16.06.02
 
WS-C3850-48P​
 

the client use Secure CRT

 

Beginner

Re: SSH error message "No matching ciphers found"

I have the same question. How did you solve it? Thanks

Beginner

Re: SSH error message "No matching ciphers found"

Hi, I've the exactly same issue... Please advise how did this solved.

Beginner

Re: SSH error message "No matching ciphers found"

I've the exactly same issue too when tried to connect from ios 15.6 router to cisco sg500 switch.

 

Just should to get connect with -c aes256-cbc or add command "ip ssh client algorithm encryption aes256-cbc" in your router config for working.

Beginner

Re: SSH error message "No matching ciphers found"

Or alternatively you could modify SSH server configuration on your router like this:
ip ssh server algorithm encryption aes256-cbc [aes192-cbc aes128-cbc]

 

[this is optional]

After that I was able to connect my ISR4K from another router (ISR G2)

Beginner

Re: SSH error message "No matching ciphers found"

to solve this issue we must use SecureCRT new versions not old Versions.

Beginner

Re: SSH error message "No matching ciphers found"

perfect answer, Huge Thanks Rinat 

just type on your switch or router "ip ssh server algorithm encryption aes256-cbc aes192-cbc aes128-cbc"

 

then try Securecrt old version it will work fine 

 

Highlighted
Beginner

Re: SSH error message "No matching ciphers found"

Seems my switch cannot run ip ssh server algorithm ***. my ios version was 15.0.2

 

 

Beginner

Re: SSH error message "No matching ciphers found"

I have the same problem...

 

SW(config)#$er algorithm encryption aes256-cbc aes192-cbc aes128-cbc
ip ssh server algorithm encryption aes256-cbc aes192-cbc aes128-cbc
^
% Invalid input detected at '^' marker.

SW(config)#

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards