11-08-2018 07:42 AM - edited 03-08-2019 04:34 PM
Hello:
Last night we upgraded our 2921 to a 15.7 from 15.0. Once the upgrade was finished I noticed the tunnels we had were not coming up properly. I decided to roll back to the previous version that worked and since then I cannot SSH into the router itself. I was able to SSH from our Core Switch before.
I am consoled in to the router and when I try to SSH into it I am getting the below message.
SSH2 0: no matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDOOwIwYLTxPRjqNmRxSfsI8iYmILYX8cUA
nazSgZA1K7wIe92RDyjfYA/Oy/L/FVJFSKe1PgE1cigh4X0NgPidaXI2yxEqlGja
1sDPodwJNWcbkjtfpW7bRLpQhC+rv89vaohZdBUANktQy2Z+29aZUW0IBCN+UhLJ
SZDP7CXZTw==
I have tried disabling-reenabling SSH/regenerating new keys as well and that still is not letting me SSH into the router.
On my Core Sw I am getting this message.
[Connection to x.x.x.x aborted: error status 0]
Thanks for any input.
11-08-2018 07:46 AM
- I can only assume that the 2921 isn't allowing too weak ciphers after the upgrade, check whether you can find anything about that in the release notes of 15.7
M.
11-08-2018 07:59 AM
- Furthermore, if you have nmap, you could compare the list of available ciphers before and after the upgrade using:
nmap --script ssh2-enum-algos target
M.
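The mismatch behind the error quoted in the first post can be read straight off the log line. The following Python sketch is an added example, not code from any poster in this thread: it parses that message and applies the RFC 4253 selection rule (the first algorithm on the client's list that the server also offers). The function names are hypothetical, and the sample line is the one quoted in the first post.

```python
import re

# Sample input: the debug line quoted in the first post of this thread.
SAMPLE = ("SSH2 0: no matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr "
          "server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc")

LINE_RE = re.compile(
    r"no matching (?P<kind>\w+) found: client (?P<client>\S+) server (?P<server>\S+)")


def parse_mismatch(line):
    """Split the log line into the two comma-separated algorithm lists."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {"kind": m["kind"],
            "client": m["client"].split(","),
            "server": m["server"].split(",")}


def negotiate(client, server):
    """RFC 4253 section 7.1: pick the first client algorithm the server supports."""
    offered = set(server)
    for alg in client:
        if alg in offered:
            return alg
    return None  # no overlap: the connection is aborted


def modes(algs):
    """Collect the mode suffix of each name, e.g. 'ctr' from 'aes128-ctr'."""
    return {a.split("@")[0].rsplit("-", 1)[-1] for a in algs}


def diagnose(line):
    parsed = parse_mismatch(line)
    if parsed is None:
        return None
    parsed["chosen"] = negotiate(parsed["client"], parsed["server"])
    parsed["client_modes"] = modes(parsed["client"])
    parsed["server_modes"] = modes(parsed["server"])
    return parsed


if __name__ == "__main__":
    d = diagnose(SAMPLE)
    print(f"{d['kind']}: chosen={d['chosen']} "
          f"client modes={sorted(d['client_modes'])} "
          f"server modes={sorted(d['server_modes'])}")
```

For the line in this thread the client side offers only CTR-mode ciphers and the server side only CBC-mode ciphers, so the lists share nothing and no cipher is chosen.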
11-08-2018 08:10 AM
Thanks for response.
What is weird is that we went to 15.7 but then back to a known working version for us at 15.0. SSH worked on this version, now it does not. Only thing I can see in logs is %SYS-4-CONFIG_NEWER: Configuration from version 15.7 may not be correctly understood. Other than that config is up running, tunnels up running... just SSH not allowed in.
11-08-2018 10:05 AM
>%SYS-4-CONFIG_NEWER:... : Only means that 15.0 may not understand a 15.7 configuration, but this is likely not happening.
>Just SSH not allowed in : Already being discussed in my initial response.
M.
11-08-2018 12:14 PM
Hi,
If the router is reachable from the core switch then try to make it reachable from any PC (if not) and try with PuTTY. You will get it working.
Regards,
Deepak Kumar
05-05-2020 06:03 AM