02-10-2022 02:32 PM
We are unable to SSH to some IOS 3750s since a recent SSH client upgrade. We understand why this is happening, but rather than force the client to use deprecated or weak ciphers, we wanted to know if the Catalyst 3750 supports the new required ciphers.
ssh admin@x.x.x.x
Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
We are running 15.2(4)
02-10-2022 02:55 PM
Hello,
Post the output of:
show ip ssh
This should tell you which ciphers your IOS supports.
02-10-2022 03:16 PM
If you are running SSH version 2, you can re-key with new RSA or you can add the syntax below:
ip ssh {server | client} algorithm encryption {aes128-ctr | aes192-ctr | aes256-ctr | aes128-cbc | 3des-cbc | aes192-cbc | aes256-cbc}
Check show run all (some commands may already be configured as default with 15.X code).
https://community.cisco.com/t5/security-documents/guide-to-better-ssh-security/ta-p/3133344
02-10-2022 08:17 PM
@lmqtechnology wrote:
We are running 15.2(4)
What exact version? 15.2(4)E train starts from 15.2(4)E until 15.2(4)E10.
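Added example, not part of the thread or from any poster: a small parser for the OpenSSH client error quoted in the first post. It reports which negotiation phase failed, which ssh_config option governs the client's proposal for that phase, and what can be read from each offered algorithm name. The function names and the `PHASES` table are this example's own.

```python
import re

# Negotiation phases named in OpenSSH client errors, mapped to the
# ssh_config option that controls the client's proposal for that phase.
PHASES = {
    "key exchange method": "KexAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
    "host key type": "HostKeyAlgorithms",
}

ERROR_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<phase>.+?) found\. Their offer: (?P<offer>\S+)"
)

def parse_negotiation_failure(text):
    """Return the failed phase and the server's offer, or None if no match."""
    # The error is often wrapped across lines when pasted; rejoin it first.
    m = ERROR_RE.search(" ".join(text.split()))
    if m is None:
        return None
    phase = m.group("phase")
    return {
        "host": m.group("host"),
        "port": int(m.group("port")),
        "phase": phase,
        "client_option": PHASES.get(phase, "unknown"),
        "offered": m.group("offer").split(","),
    }

def kex_notes(name):
    """Flag properties that can be read from a key exchange name itself."""
    notes = []
    if name.endswith("-sha1"):
        notes.append("SHA-1 hash")
    if name.startswith("diffie-hellman-group1-"):
        notes.append("fixed 1024-bit group")
    return notes

# Error text as posted in the thread (address redacted there as x.x.x.x).
SAMPLE = """Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"""

if __name__ == "__main__":
    r = parse_negotiation_failure(SAMPLE)
    print(f"{r['host']}: {r['phase']} failed (client option: {r['client_option']})")
    for alg in r["offered"]:
        print(f"  {alg}: {', '.join(kex_notes(alg)) or 'no flags'}")
```

For the posted error, the failed phase is key exchange rather than the encryption cipher, and every algorithm the switch offers is SHA-1 based.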