SSH error msg

Lion_Heart
Level 1

Dears,

I am getting this message on the switch every time I try to SSH to another switch:

%SSH: CBC Ciphers got moved out of default config. Please configure ciphers as required(to match peer ciphers)
[Connection to 10.227.100.1 aborted: error status 0]

.........

My switch model is WS-C3850-24T & IOS version is (CAT3K_CAA-UNIVERSALK9-M), Version 16.6.5

Please can anyone give me the default configuration for that SSH encryption or a solution for that error message?


Hello
Have you tried zeroizing the RSA key and generating another?
crypto key zeroize rsa
crypto key generate rsa general-keys modulus xxx


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Dear Paul,

I've tried the commands, but they didn't work and I am still getting the same message.

3850-CE1#
%SSH: CBC Ciphers got moved out of default config. Please configure ciphers as required(to match peer ciphers)
[Connection to 10.225.100.1 aborted: error status 0]

Hello,

Do you know which ciphers your peer is using? You have different options; if you don't know which one to use, it comes down to trial and error:

3850-CE1(config)#crypto key generate rsa modulus 2048

3850-CE1(config)#ip ssh client algorithm encryption ?
  3des-cbc    Three-key 3DES in CBC mode
  aes128-cbc  AES with 128-bit key in CBC mode
  aes128-ctr  AES with 128-bit key in CTR mode
  aes192-cbc  AES with 192-bit key in CBC mode
  aes192-ctr  AES with 192-bit key in CTR mode
  aes256-cbc  AES with 256-bit key in CBC mode
  aes256-ctr  AES with 256-bit key in CTR mode

Dear George,

I don't know which ciphers my peer is using, so which cipher should I try?

Hello,

If you don't know, it comes down to trial and error. Try them in order, one by one, and see which (if any) works.

Hello

Okay, you can set them to default.

Review this CCO doc, it should explain - here



Kind Regards
Paul

jmcgrady1
Level 1

Are the commands discussed here to be run on the SSH client or destination? I have the same issue trying to SSH from a Cisco 9300 to a 3750. I have tried all the listed ciphers unsuccessfully.

vencislav.metev
Level 1

Hi,

Try to add:

ip ssh client algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr

Regards,

Ventsi
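
The mismatch discussed in this thread, as an added example that is not part of any post above: under RFC 4253 the encryption algorithm chosen is the first name on the client's list that the peer also offers, and the peer's list arrives in its SSH_MSG_KEXINIT message. The Python below parses a constructed KEXINIT payload and applies that rule; the CBC-only peer and the CTR-only client default are assumptions, and only the six-name client list comes from the thread.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

# Client list exactly as given in the command above.
CLIENT_LIST = ["aes128-cbc", "aes128-ctr", "aes192-cbc", "aes192-ctr",
               "aes256-cbc", "aes256-ctr"]
# Assumption: a client whose defaults no longer include CBC offers CTR only.
CTR_ONLY = [c for c in CLIENT_LIST if c.endswith("-ctr")]

def parse_kexinit(payload: bytes) -> dict:
    """Decode a KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip the 1-byte message type and 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list")
        names = payload[pos:pos + size].decode("ascii")
        out[field] = names.split(",") if names else []
        pos += size
    return out

def negotiate(client: list, server: list):
    """First name on the client's list that the server also offers, else None."""
    return next((name for name in client if name in server), None)

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed KEXINIT payload for the demo (all-zero cookie)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        joined = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(joined)) + joined
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample: an older peer that offers only CBC ciphers.
CBC_PEER = ["aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc"]
PEER = parse_kexinit(build_kexinit({"enc_c2s": CBC_PEER, "enc_s2c": CBC_PEER}))

if __name__ == "__main__":
    for label, offer in (("CTR-only client", CTR_ONLY), ("list from the thread", CLIENT_LIST)):
        print(label, "->", negotiate(offer, PEER["enc_c2s"]))
```

Because the client's order decides the outcome, a list that puts the CTR names first falls back to CBC only when the peer offers nothing else.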
