Problems accessing a Cisco Router from Ubuntu 18.04 via SSH












0














I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.



On the router side a krypto key of 2048 (RSA) was generated



the status is as follows:



   *R1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp
jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI
EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+
sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM
TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*


When I try to access the router from the VM :



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1


I get the following message



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On the router console I get this:



%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.



Thank you.










share|improve this question




















  • 1




    It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
    – waltinator
    Dec 20 '18 at 23:48


















0














I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.



On the router side a krypto key of 2048 (RSA) was generated



the status is as follows:



   *R1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp
jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI
EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+
sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM
TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*


When I try to access the router from the VM :



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1


I get the following message



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On the router console I get this:



%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.



Thank you.










share|improve this question




















  • 1




    It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
    – waltinator
    Dec 20 '18 at 23:48
















0












0








0







I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.



On the router side a krypto key of 2048 (RSA) was generated



the status is as follows:



   *R1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp
jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI
EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+
sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM
TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*


When I try to access the router from the VM :



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1


I get the following message



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On the router console I get this:



%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.



Thank you.










share|improve this question















I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.



On the router side a krypto key of 2048 (RSA) was generated



the status is as follows:



   *R1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp
jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI
EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+
sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM
TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*


When I try to access the router from the VM :



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1


I get the following message



root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On the router console I get this:



%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc


On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.



Thank you.







18.04 openssh cisco






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 20 '18 at 23:51









waltinator

22k74169




22k74169










asked Dec 20 '18 at 23:35









olg32olg32

11




11








  • 1




    It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
    – waltinator
    Dec 20 '18 at 23:48
















  • 1




    It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
    – waltinator
    Dec 20 '18 at 23:48










1




1




It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
– waltinator
Dec 20 '18 at 23:48






It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc). Read man ssh, use the -v option, maybe try the -1 and -2 options.
– waltinator
Dec 20 '18 at 23:48












1 Answer
1






active

oldest

votes


















0














Thanks,



The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1103480%2fproblems-accessing-a-cisco-router-from-ubuntu-18-04-via-ssh%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Thanks,



    The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.






    share|improve this answer


























      0














      Thanks,



      The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.






      share|improve this answer
























        0












        0








        0






        Thanks,



        The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.






        share|improve this answer












        Thanks,



        The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 28 '18 at 2:33









        olg32olg32

        11




        11






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1103480%2fproblems-accessing-a-cisco-router-from-ubuntu-18-04-via-ssh%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Ellipse (mathématiques)

            Quarter-circle Tiles

            Mont Emei