How to connect via ssh from router cisco

  • 0
  • 2
  • Problem
  • Updated 9 months ago
  • Not a Problem
Hello All, 

My ISP needs connect with switches extreme by SSH from rouert cisco since we want to maintain this connection as contingency. 

These are logs the cisco router 

RTT_BF_HC_ENVIGADO_PPAL#ssh 1.1.1.1 

[Connection to 10.128.35.4 aborted: error status 0] 
RTT_BF_HC_ENVIGADO_PPAL# 
Sep 8 16:10:50.648: SSH CLIENT0: protocol version id is - SSH-2.0-4.1.2 SSH Secure Shell Toolkit 
Sep 8 16:10:50.648: SSH CLIENT0: sent protocol version id SSH-2.0-Cisco-1.25 
Sep 8 16:10:50.648: SSH2 CLIENT 0: send:packet of length 344 (length also includes padlen of 5) 
Sep 8 16:10:50.648: SSH2 CLIENT 0: SSH2_MSG_KEXINIT sent 
Sep 8 16:10:50.652: SSH2 CLIENT 0: ssh_receive: 424 bytes received 
Sep 8 16:10:50.652: SSH2 CLIENT 0: input: total packet length of 424 bytes 
Sep 8 16:10:50.652: SSH2 CLIENT 0: partial packet length(block size)8 bytes,needed 416 bytes, 
maclen 0 
Sep 8 16:10:50.652: SSH2 CLIENT 0: input: padlength 8 bytes 
Sep 8 16:10:50.652: SSH2 CLIENT 0: SSH2_MSG_KEXINIT received 
Sep 8 16:10:50.652: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1 
Sep 8 16:10:50.652: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1 
Sep 8 16:10:50.652: SSH2 CLIENT 0: hostkey algo not supported: client ssh-rsa, server ssh-dss 
Sep 8 16:10:50.652: SSH CLIENT0: Session disconnected - error 0x00 

RTT_BF_HC_ENVIGADO_PPAL#ssh 1.1.1.1 

[Connection to 10.128.35.4 aborted: error status 0] 
RTT_BF_HC_ENVIGADO_PPAL#ssh 1.1.1.1 
Sep 8 15:54:52.497: SSH2 CLIENT 0: hostkey algo not supported: client ssh-rsa, ho log 
Photo of Susana Tovar

Susana Tovar

  • 494 Points 250 badge 2x thumb

Posted 9 months ago

  • 0
  • 2
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Hi,

I think the problem is here -> SSH2 CLIENT 0: hostkey algo not supported: client ssh-rsa, server ssh-dss 

What is the switch model and what firmware you have on it? 

--
Jarek
Photo of Susana Tovar

Susana Tovar

  • 494 Points 250 badge 2x thumb
Hello Jarek,

I have extreme switches X250, X450 with version 15.3.5.2 patch1-10 at switches X440, 460, 670 and BD8800 with a version 16.1.4.2 patch1-7.

Regards.
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
The problem is that on your cisco device you have newer ssh implementation than on EXOS.
And in newer version ssh-dss keys has been disabled.

I don't know if there is any change, but  the upgrade was  in 21.1 and 16.2 

Please see -> https://community.extremenetworks.com/extreme/topics/with-new-openssh-client-7-1-no-normal-ssh-login...

Could you write, what do you want to achieve?
Maybe we can find another way/idea to help you?

--
Jarek