
SSH from Powershell

Moudar
VIP Alumni

Hi

I have a few Catalyst 1000 switches running version 15.2(7)E11.

When trying to connect via PowerShell, I receive the following error:

Unable to negotiate with 172.22.8.13 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

The switch is running the latest version, and I’ve tested both available KEX algorithms, but the issue persists:

(config)#ip ssh server algorithm kex ?
  diffie-hellman-group-exchange-sha1  DH_GRPX_SHA1 diffie-hellman key exchange algorithm
  diffie-hellman-group14-sha1         DH_GRP14_SHA1 diffie-hellman key exchange algorithm

Why hasn’t Cisco updated the supported KEX algorithm list with more secure options?

3 Replies

@Moudar 

I think this message is related to the SSH client and not the server.

Try running it this way:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 172.22.8.13

That might work, but using the -o KexAlgorithms=diffie-hellman-group14-sha1 and -o HostKeyAlgorithms=+ssh-rsa options in PowerShell forces SSH to use older, less secure encryption and key exchange algorithms. So I wonder why we are using these less secure encryption and key exchange algorithms.

Check if Windows has an update for the SSH client. This can be version
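
An added example, not from any poster in this thread: a Python helper that parses the OpenSSH client error quoted in the question and builds an ssh_config stanza that re-enables the switch's offered algorithms for that one host only, instead of passing -o on every command. It generalizes to the cipher, MAC and host key variants of the same error; the function names and the avoid list are assumptions made for this example.

```python
import re

# Constructed sample: the client error text as quoted in the question.
SAMPLE_ERROR = (
    "Unable to negotiate with 172.22.8.13 port 22: no matching key exchange "
    "method found. Their offer: diffie-hellman-group-exchange-sha1,"
    "diffie-hellman-group14-sha1"
)

NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>\S+)"
)

# ssh_config keyword that governs each kind of negotiation failure.
KEYWORD = {
    "key exchange method": "KexAlgorithms",
    "host key type": "HostKeyAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
}

def parse_negotiation_error(line):
    """Return host, port, ssh_config keyword and the server's offer, or None."""
    m = NEGOTIATE_RE.search(line)
    if m is None or m["kind"] not in KEYWORD:
        return None
    return {"host": m["host"], "port": int(m["port"]),
            "keyword": KEYWORD[m["kind"]], "offer": m["offer"].split(",")}

def host_stanza(line, avoid=("diffie-hellman-group1-sha1",)):
    """Build an ssh_config block that re-enables legacy algorithms for ONE host."""
    info = parse_negotiation_error(line)
    if info is None:
        raise ValueError("not an OpenSSH negotiation failure")
    # Assumption: the 1024-bit group1 exchange is never re-enabled, even if offered.
    usable = [a for a in info["offer"] if a not in avoid]
    if not usable:
        raise ValueError("server offers only algorithms on the avoid list")
    return (f"Host {info['host']}\n"
            f"    Port {info['port']}\n"
            f"    {info['keyword']} +{','.join(usable)}\n")

if __name__ == "__main__":
    print(host_stanza(SAMPLE_ERROR))
```

On Windows the OpenSSH client reads per-user settings from %USERPROFILE%\.ssh\config, so a stanza placed there applies to ssh started from PowerShell while every other host keeps the client's default algorithm list.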