cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
561
Views
5
Helpful
6
Replies
Highlighted
Beginner

SSH error msg

Dears ,

I am getting this message on the switch every time when trying to ssh another switch :

 

%SSH: CBC Ciphers got moved out of default config. Please configure ciphers as required(to match peer ciphers)
[Connection to 10.227.100.1 aborted: error status 0]

.........

My switch model is WS-C3850-24T & IOS version is CAT3K_CAA-UNIVERSALK9-M), Version 16.6.5

 

Please can anyone give me the default configuration for that ssh encryption or solution for that error massage ?

6 REPLIES 6
Highlighted
VIP Mentor

Hello
Have you tried zerosizing the rsa key and generating another.
crypto zerosize
crypto key generate rsa general-keys modulus xxx



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted

Dear Paul ,

 

I've tried the commands but it didn't work and i am still getting the same message.

 

3850-CE1#
%SSH: CBC Ciphers got moved out of default config. Please configure ciphers as required(to match peer ciphers)
[Connection to 10.225.100.1 aborted: error status 0]

Highlighted

Hello,

 

do you know which Ciphers your peer is using ? You have different options, if you don't know which one to use, it comes down to trial and error:

 

3850-CE1(config)#crypto key generate rsa modulus 2048

3850-CE1(config)#ip ssh client algorithm encryption ?
3des-cbc Three-key 3DES in CBC mode
aes128-cbc AES with 128-bit key in CBC mode
aes128-ctr AES with 128-bit key in CTR mode
aes192-cbc AES with 192-bit key in CBC mode
aes192-ctr AES with 192-bit key in CTR mode
aes256-cbc AES with 256-bit key in CBC mode
aes256-ctr AES with 256-bit key in CTR mode

Highlighted

Dear George ,

 

I don't know which ciphers my peer are using . so which cipher i should try ?

Highlighted

Hello,

 

if you don't know, it comes down to trial and error. Try them in order, one by one, and see which (if any) works.

Highlighted

Hello

okay you can set them to default - 

review this cco doc it should explain -here



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Content for Community-Ad