Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
27863
Views
32
Helpful
11
Replies

Unable to SSH to Switch - no matching mac found: client hmac-sha1 server hmac-sha1-96 error

CiscoPurpleBelt
Level 6
Level 6

‎05-02-2018 11:32 AM - edited ‎03-08-2019 02:52 PM

So I am unable to ssh from one device to another. I am testing this way because right now I only have the devices connected to each other and I console into them. Anybody familiar with what is going on?

 

no matching mac found: client hmac-sha1 server hmac-sha1-96

4 people had this problem
Labels:
0 Helpful
11 Replies 11

Georg Pauwen
VIP
VIP

‎05-02-2018 11:46 AM

Hello,

 

your devices cannot agree on a common message authentication code (MAC). Which devices are those, and what IOS versions are you running ? Which rsa keys do you have configured ?

0 Helpful

CiscoPurpleBelt
Level 6
Level 6
In response to Georg Pauwen

‎05-02-2018 01:09 PM

These are 4431 Routers and configured for 2048.

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to CiscoPurpleBelt

‎05-02-2018 01:19 PM

What is the output of "sh ip ssh"?

CiscoPurpleBelt
Level 6
Level 6
In response to Reza Sharifi

‎05-02-2018 01:33 PM

SSH Enabled - version 2.0                                                              
Authentication methods:publickey,keyboard-interactive,password                         
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa                             
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa                                              
Encryption Algorithms:aes256-ctr                                                       
MAC Algorithms:hmac-sha1-96                                                            
Authentication timeout: 60 secs; Authentication retries: 3                             
Minimum expected Diffie Hellman key size : 1024 bits                                   
IOS Keys in SECSH format(ssh-rsa, base64 encoded): BB1_InterRt_4431_A.pmo.com          
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCWqleK7VQA+2Sl2cCFALBZJ4cm09Uh3N1dW+q4C4qo       
fbWXGcGzmiR1LuBHtakYlNrVqv2B3v0D1BgXbakK2zlJPXyyIgLD0iIJKHvcySDOdH6P4xJ8MWIRhd7m       
Eaqp80jd8PPxdrB4g/FMF+kFhVtobGKV4CFX2TE1yYCGndLNZw==
0 Helpful

Georg Pauwen
VIP
VIP
In response to CiscoPurpleBelt

‎05-02-2018 02:03 PM

Hello,

 

zeroize the keys and try a new key with 1024 modulus...

CiscoPurpleBelt
Level 6
Level 6
In response to Georg Pauwen

‎05-02-2018 06:39 PM

Ok I will do that ASAP and let you know the status thanks so much!

0 Helpful

davinci
Level 1
Level 1
In response to Reza Sharifi

‎04-01-2021 11:28 AM

can you redo SSH config without locking yourself out?  which parts are you suggesting redoing?

Ethan and Mia
Level 1
Level 1

‎01-24-2021 08:57 AM

I had same issue after upgrade IOS-XE to some switchs

How you fix ? Thanks

MarioGessa2087
Level 1
Level 1
In response to Ethan and Mia

‎03-08-2021 03:03 AM

Hi Shat1478,

I've fixed it upgrading ssh client....in my case Putty from release 0.60 to release 0.74.

Ciao

 

 

Mario

 

 

masouza95
Level 1
Level 1
In response to MarioGessa2087

‎07-19-2023 08:57 AM

Hi,

It worked! Upgrading ssh client from release 0.60 to release 0.78.

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card