Problems accessing a Cisco Router from Ubuntu 18.04 via SSH












0














I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.



On the router side a krypto key of 2048 (RSA) was generated



the status is as follows:



   *R1#sh ip ssh

SSH Enabled - version 2.0

Authentication timeout: 120 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 1024 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp

jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI

EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+

sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM

TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*


When I try to access the router from the VM :



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1


I get the following message



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1

Unable to negotiate with 10.1.1.1 port 22: no matching cipher found.  Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On the router console I get this:



%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.



Thank you.






18.04 openssh cisco







share|improve this question




















  • 1




    It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
    – waltinator
    Dec 20 '18 at 23:48


















0














I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.



On the router side a krypto key of 2048 (RSA) was generated



the status is as follows:



   *R1#sh ip ssh

SSH Enabled - version 2.0

Authentication timeout: 120 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 1024 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp

jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI

EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+

sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM

TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*


When I try to access the router from the VM :



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1


I get the following message



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1

Unable to negotiate with 10.1.1.1 port 22: no matching cipher found.  Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On the router console I get this:



%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.



Thank you.






18.04 openssh cisco







share|improve this question




















  • 1




    It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
    – waltinator
    Dec 20 '18 at 23:48
















0












0








0







I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.



On the router side a krypto key of 2048 (RSA) was generated



the status is as follows:



   *R1#sh ip ssh

SSH Enabled - version 2.0

Authentication timeout: 120 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 1024 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp

jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI

EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+

sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM

TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*


When I try to access the router from the VM :



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1


I get the following message



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1

Unable to negotiate with 10.1.1.1 port 22: no matching cipher found.  Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On the router console I get this:



%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.



Thank you.






18.04 openssh cisco







share|improve this question















I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.



On the router side a krypto key of 2048 (RSA) was generated



the status is as follows:



   *R1#sh ip ssh

SSH Enabled - version 2.0

Authentication timeout: 120 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 1024 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp

jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI

EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+

sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM

TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*


When I try to access the router from the VM :



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1


I get the following message



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1

Unable to negotiate with 10.1.1.1 port 22: no matching cipher found.  Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On the router console I get this:



%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.



Thank you.






18.04 openssh cisco




18.04 openssh cisco






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 20 '18 at 23:51









waltinator

22k74169




22k74169










asked Dec 20 '18 at 23:35









olg32olg32

11




11








  • 1




    It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
    – waltinator
    Dec 20 '18 at 23:48
















  • 1




    It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
    – waltinator
    Dec 20 '18 at 23:48










1




1




It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
– waltinator
Dec 20 '18 at 23:48






It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
– waltinator
Dec 20 '18 at 23:48












1 Answer
1






active

oldest

votes


















0














Thanks,



The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1103480%2fproblems-accessing-a-cisco-router-from-ubuntu-18-04-via-ssh%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Thanks,



    The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.






    share|improve this answer


























      0














      Thanks,



      The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.






      share|improve this answer
























        0












        0








        0






        Thanks,



        The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.






        share|improve this answer












        Thanks,



        The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 28 '18 at 2:33









        olg32olg32

        11




        11






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1103480%2fproblems-accessing-a-cisco-router-from-ubuntu-18-04-via-ssh%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Quarter-circle Tiles

            Image
            up vote 0 down vote favorite I have $99$ identical square tiles, each with a quarter-circle drawn on it like this: [asy] size(1.5cm); draw(Arc((2,0),1,90,180),red+1); draw((0,0)--(2,0)--(2,2)--(0,2)--(0,0)); [/asy] When I arrange the tiles in a $9times 11$ rectangular grid, each with a random orientation, what is the expected value of the number of full circles I form? I think this problem has to do with finding the chance any given 2x2 square has a circle, but I can't find it. expected-value share | cite | improve this question asked Nov 20 at 15:03 6minecraftninja 1 2
            Read more

            build a pushdown automaton that recognizes the reverse language of a given pushdown automaton?

            Image
            0 I think it's similiar to NFAs. I replace the finite states of the given automaton for start-states for my new automaton. I do it with $epsilon$ -transition from the start state to the actual finite states of the given automaton. The start state of the given automaton will be my accepting(finite) state of my new one. All transitions will be reversed of course to recognize the reversed word. But how do I have to change the stack of the pushdown automaton? That's tricky. formal-languages automata context-free-grammar share | cite | improve this question edited Nov 29 '18 at 14:20 joee
            Read more

            Mont Emei

            Image
            Mont Emei.mw-parser-output .entete.map{background-image:url("//upload.wikimedia.org/wikipedia/commons/7/7a/Picto_infobox_map.png")} Vue du sommet Wanfo du mont Emei Géographie Altitude 3 099  m , Wanfo Coordonnées 29° 31′ 11″ nord, 103° 19′ 57″ est Administration Pays   Chine Province Sichuan Ville-préfecture Leshan Géolocalisation sur la carte : Sichuan Mont Emei Géolocalisation sur la carte : Chine Mont Emei modifier   Paysage panoramique du mont Emei, incluant le paysage panoramique du grand Bouddha de Leshan *   Patrimoine mondial de l'UNESCO Passerelle en bois sur le versant ouest Pays   Chine Subdivision Sichuan Type Mixte Critères (iv) (vi) (x) Superficie 15 400 ha Numéro d’identification 779 Zone géographique Asie et Pacifique  ** Année d’inscription 1996 (20 e session) * Descriptif officiel UNESCO ** Classification géog
            Read more