10-06-2020 01:07 AM
Dears ,
I am getting this message on the switch every time when trying to ssh another switch :
%SSH: CBC Ciphers got moved out of default config. Please configure ciphers as required(to match peer ciphers)
[Connection to 10.227.100.1 aborted: error status 0]
.........
My switch model is WS-C3850-24T & IOS version is CAT3K_CAA-UNIVERSALK9-M), Version 16.6.5
Please can anyone give me the default configuration for that ssh encryption or solution for that error massage ?
10-06-2020 02:20 AM - edited 10-06-2020 02:20 AM
Hello
Have you tried zerosizing the rsa key and generating another.
crypto zerosize
crypto key generate rsa general-keys modulus xxx
10-08-2020 12:45 AM
Dear Paul ,
I've tried the commands but it didn't work and i am still getting the same message.
3850-CE1#
%SSH: CBC Ciphers got moved out of default config. Please configure ciphers as required(to match peer ciphers)
[Connection to 10.225.100.1 aborted: error status 0]
10-08-2020 03:55 AM
Hello,
do you know which Ciphers your peer is using ? You have different options, if you don't know which one to use, it comes down to trial and error:
3850-CE1(config)#crypto key generate rsa modulus 2048
3850-CE1(config)#ip ssh client algorithm encryption ?
3des-cbc Three-key 3DES in CBC mode
aes128-cbc AES with 128-bit key in CBC mode
aes128-ctr AES with 128-bit key in CTR mode
aes192-cbc AES with 192-bit key in CBC mode
aes192-ctr AES with 192-bit key in CTR mode
aes256-cbc AES with 256-bit key in CBC mode
aes256-ctr AES with 256-bit key in CTR mode
10-11-2020 02:53 AM
Dear George ,
I don't know which ciphers my peer are using . so which cipher i should try ?
10-11-2020 03:15 AM
Hello,
if you don't know, it comes down to trial and error. Try them in order, one by one, and see which (if any) works.
10-11-2020 05:00 AM
Hello
okay you can set them to default -
review this cco doc it should explain -here
01-24-2022 10:02 PM
Are the commands discussed here to be run on the ssh client or destination? i have the same issue trying to ssh from a Cisco 9300 to a 3750. i have tried all the listed ciphers unsuccessfully.
01-24-2022 11:58 PM
Hi,
Try to add:
ip ssh client algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr
Regards,
Ventsi
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: