Header Only - DO NOT REMOVE - Extreme Networks
Question

How to connect via ssh from router cisco


Userlevel 1
Hello All,

My ISP needs connect with switches extreme by SSH from rouert cisco since we want to maintain this connection as contingency.

These are logs the cisco router

RTT_BF_HC_ENVIGADO_PPAL#ssh 1.1.1.1

[Connection to 10.128.35.4 aborted: error status 0]
RTT_BF_HC_ENVIGADO_PPAL#
Sep 8 16:10:50.648: SSH CLIENT0: protocol version id is - SSH-2.0-4.1.2 SSH Secure Shell Toolkit
Sep 8 16:10:50.648: SSH CLIENT0: sent protocol version id SSH-2.0-Cisco-1.25
Sep 8 16:10:50.648: SSH2 CLIENT 0: send:packet of length 344 (length also includes padlen of 5)
Sep 8 16:10:50.648: SSH2 CLIENT 0: SSH2_MSG_KEXINIT sent
Sep 8 16:10:50.652: SSH2 CLIENT 0: ssh_receive: 424 bytes received
Sep 8 16:10:50.652: SSH2 CLIENT 0: input: total packet length of 424 bytes
Sep 8 16:10:50.652: SSH2 CLIENT 0: partial packet length(block size)8 bytes,needed 416 bytes,
maclen 0
Sep 8 16:10:50.652: SSH2 CLIENT 0: input: padlength 8 bytes
Sep 8 16:10:50.652: SSH2 CLIENT 0: SSH2_MSG_KEXINIT received
Sep 8 16:10:50.652: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1
Sep 8 16:10:50.652: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1
Sep 8 16:10:50.652: SSH2 CLIENT 0: hostkey algo not supported: client ssh-rsa, server ssh-dss
Sep 8 16:10:50.652: SSH CLIENT0: Session disconnected - error 0x00

RTT_BF_HC_ENVIGADO_PPAL#ssh 1.1.1.1

[Connection to 10.128.35.4 aborted: error status 0]
RTT_BF_HC_ENVIGADO_PPAL#ssh 1.1.1.1
Sep 8 15:54:52.497: SSH2 CLIENT 0: hostkey algo not supported: client ssh-rsa, ho log

3 replies

Userlevel 3
Hi,

I think the problem is here -> SSH2 CLIENT 0: hostkey algo not supported: client ssh-rsa, server ssh-dss

What is the switch model and what firmware you have on it?

--
Jarek
Userlevel 1
Hello Jarek,

I have extreme switches X250, X450 with version 15.3.5.2 patch1-10 at switches X440, 460, 670 and BD8800 with a version 16.1.4.2 patch1-7.

Regards.
Userlevel 3
The problem is that on your cisco device you have newer ssh implementation than on EXOS.
And in newer version ssh-dss keys has been disabled.

I don't know if there is any change, but the upgrade was in 21.1 and 16.2

Please see -> https://community.extremenetworks.com/extreme/topics/with-new-openssh-client-7-1-no-normal-ssh-login...

Could you write, what do you want to achieve?
Maybe we can find another way/idea to help you?

--
Jarek

Reply