SSH issue to 3850 switch

ittechk4u1
Level 4

Hello experts,

We are not able to ssh to our new core switches:

 

Switch: 3850

Software version: 16.3.5b

 

Error:
350259: Jun 11 08:23:48: %SSH-3-NO_MATCH: No matching kex algorithm found: client diffie-hellman-group1-sha1 server diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

 

How can we solve that issue?

I saw there is a bug but no resolution: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc96144/?rfs=iqvred

 

Thanks in advance.


Ken Lin
Level 1

On ASA, change  ssh key-exchange group dh-group1-sha1 to  dh-group14-sha1

angusr
Level 1

For anyone else stumbling across this thread:  You must read the error message carefully.  The switch is the SSH server, the client is the system used to connect to the switch.  Therefore, the client must send the correct KEX algorithm.  On Linux, ssh -o KexAlgorithms=diffie-hellman-group14-sha1 username@switch_IP.  In PuTTY, ensure at least one of the noted algorithms is listed in Connection > SSH > Kex Algorithm selection policy.
There is no need to change the switch's SSH configuration.

Old post with a good new observation. The issue is a mismatch between the algorithms supported by the client and the algorithms supported by the server (typically the client supports older/less secure algorithms). So the solution is usually changes in client and not the server.

HTH

Rick
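
Added example, not part of the original thread: a Python script that parses the %SSH-3-NO_MATCH line from the first post, shows that the client and server offers do not overlap, and builds a per-host OpenSSH client stanza enabling the algorithm named in angusr's reply. The host alias `core-3850`, the function names and the choice to emit an ssh_config stanza rather than a one-off `-o` option are assumptions made here.

```python
import re

# Format of the IOS message quoted in the first post:
# "%SSH-3-NO_MATCH: No matching kex algorithm found: client <list> server <list>"
NO_MATCH = re.compile(
    r"%SSH-3-NO_MATCH: No matching kex algorithm found: "
    r"client (?P<client>\S+) server (?P<server>\S+)"
)

# Group 1 is a fixed 1024-bit group; OpenSSH 7.0 and later do not offer it by default.
WEAK_KEX = {"diffie-hellman-group1-sha1"}


def parse_no_match(line):
    """Return (client_offer, server_offer) lists, or None if this is not a kex NO_MATCH line."""
    m = NO_MATCH.search(line)
    if m is None:
        return None
    return m["client"].split(","), m["server"].split(",")


def advise(line, host_alias, prefer=("diffie-hellman-group14-sha1",)):
    """Explain the mismatch and build a per-host ssh_config stanza for the client side."""
    parsed = parse_no_match(line)
    if parsed is None:
        return None
    client, server = parsed
    usable = [a for a in server if a not in WEAK_KEX]
    # Take the preferred algorithm if the server offers it, else the first usable one.
    pick = next((a for a in prefer if a in usable), usable[0] if usable else None)
    stanza = None
    if pick is not None:
        # "+" appends to the client's default list, and the Host block limits it to this device.
        stanza = f"Host {host_alias}\n    KexAlgorithms +{pick}\n"
    return {
        "client_offered": client,
        "server_offered": server,
        "common": [a for a in client if a in server],
        "client_weak": [a for a in client if a in WEAK_KEX],
        "enable_on_client": pick,
        "ssh_config": stanza,
    }


# The log line from the first post, copied as-is.
SAMPLE = ("350259: Jun 11 08:23:48: %SSH-3-NO_MATCH: No matching kex algorithm found: "
          "client diffie-hellman-group1-sha1 server "
          "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1")

if __name__ == "__main__":
    print(advise(SAMPLE, "core-3850")["ssh_config"])  # "core-3850" is a made-up alias
```

An empty `common` list together with a non-empty `client_weak` list is the situation the replies describe: the connecting client only offers the old group 1 exchange, so the change belongs on the client.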