Unable to negotiate with x.x.x.x port 22: no matching key exchange

lmqtechnology
Level 1

We are unable to SSH to some IOS 3750s since a recent SSH client upgrade. We understand why this is happening but, rather than force the client to use deprecated or weak ciphers, we wanted to know if the Catalyst 3750 supports the new required ciphers.

ssh admin@x.x.x.x

Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

We are running 15.2(4)

3 Replies

Hello,

Post the output of:

show ip ssh

This should tell you which ciphers your IOS supports.

balaji.bandi
Hall of Fame

If you are running SSH version 2, you can re-key with new RSA, or you can add the syntax below:

ip ssh {server | client} algorithm encryption {aes128-ctr | aes192-ctr | aes256-ctr | aes128-cbc | 3des-cbc | aes192-cbc | aes256-cbc}

Check show run all (some commands may already be configured as default with 15.X code).

https://community.cisco.com/t5/security-documents/guide-to-better-ssh-security/ta-p/3133344

BB


Leo Laohoo
Hall of Fame

@lmqtechnology wrote:

We are running 15.2(4)


What exact version? 15.2(4)E train starts from 15.2(4)E until 15.2(4)E10.
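
Added example (not part of the thread, and not Cisco or OpenSSH code): a small Python parser for the client error quoted in the question. It reports which negotiation category failed, which ssh_config option governs the client's side of that category, and whether the server's offer shares anything with the client's proposal. `SAMPLE_CLIENT_KEX` and the function names are constructed for illustration.

```python
import re

# Negotiation categories as worded in OpenSSH client errors, mapped to the
# ssh_config(5) option that sets the client's proposal for each category.
CATEGORY_OPTION = {
    "key exchange method": "KexAlgorithms", "cipher": "Ciphers",
    "MAC": "MACs", "host key type": "HostKeyAlgorithms",
}

ERR_RE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): "
    r"no matching (?P<category>[\w ]+?) found\. Their offer:\s*(?P<offer>\S+)"
)

def parse_negotiation_error(text):
    """Return peer, port, failed category and the server's offer, or None."""
    m = ERR_RE.search(" ".join(text.split()))  # tolerate wrapped output
    if not m:
        return None
    return {
        "peer": m["peer"],
        "port": int(m["port"]),
        "category": m["category"],
        "client_option": CATEGORY_OPTION.get(m["category"]),
        "offer": m["offer"].split(","),
    }

def assess(text, client_proposal):
    """Compare the server's offer with the client's proposal for that category."""
    info = parse_negotiation_error(text)
    if info is None:
        return None
    info["common"] = [a for a in info["offer"] if a in client_proposal]
    # True when every offered algorithm name is SHA-1 based
    info["sha1_only"] = all(a.endswith("-sha1") for a in info["offer"])
    return info

# Error text from the question (the offer list follows on its own line).
THREAD_ERROR = (
    "Unable to negotiate with x.x.x.x port 22: no matching key exchange "
    "method found. Their offer:\n"
    "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,"
    "diffie-hellman-group1-sha1"
)

# Constructed sample of a client KEX proposal (assumption); read the real
# list from `ssh -G <host>` on the upgraded client.
SAMPLE_CLIENT_KEX = ["curve25519-sha256", "ecdh-sha2-nistp256",
                     "diffie-hellman-group-exchange-sha256"]
```

For the error in the question, `assess(THREAD_ERROR, SAMPLE_CLIENT_KEX)` reports the failed category as key exchange (client option `KexAlgorithms`), an empty `common` list, and `sha1_only` as true.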
