Problems accessing a Cisco Router from Ubuntu 18.04 via SSH
I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.
On the router side a krypto key of 2048 (RSA) was generated
the status is as follows:
*R1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp
jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI
EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+
sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM
TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*
When I try to access the router from the VM :
root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
I get the following message
root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
On the router console I get this:
%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.
Thank you.
18.04 openssh cisco
add a comment |
I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.
On the router side a krypto key of 2048 (RSA) was generated
the status is as follows:
*R1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp
jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI
EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+
sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM
TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*
When I try to access the router from the VM :
root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
I get the following message
root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
On the router console I get this:
%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.
Thank you.
18.04 openssh cisco
1
It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
). Readman ssh
, use the-v
option, maybe try the-1
and-2
options.
– waltinator
Dec 20 '18 at 23:48
add a comment |
I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.
On the router side a krypto key of 2048 (RSA) was generated
the status is as follows:
*R1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp
jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI
EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+
sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM
TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*
When I try to access the router from the VM :
root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
I get the following message
root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
On the router console I get this:
%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.
Thank you.
18.04 openssh cisco
I have an Ubuntu virtual machine (server) connected to a Cisco router where I'm trying to establish a SSH session to this device. They are connected back-to-back so there is no additional network elements in between. I can establish SSH sessions from this ubuntu VM with other VMs as OpenSSH is enabled in the Ubuntu VM.
On the router side a krypto key of 2048 (RSA) was generated
the status is as follows:
*R1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PJx8zmO411wIoin0nieU1cAviDhjImhObA3WaOVp
jh/O6UKiICMNWwmCgAxdZXa70deVOd9UKaR4HVxoUauMBFUFUv+IQvkBoc3VKcN3g47+Ac9U/ytd8zUI
EL4wGTHfQoPZBvF5A3iwnIHM2TFJVZt9eRLEthST/sTB+E9j2n1PT0C0js0gRNVw79ZyUA8aR2CZI5I+
sGd7mqBYdgqePL5H/tUeVTg/I2gXJ6xv7yrN904utRyAT+IieQIh6pWALIRmEl7NVyn/E6OvdUaeRfqM
TsD956uJkA2MTLrQ+VJBVoCNOHk/PujzqCYg+sod1QgSZZQW7bhpLkP7bUSt*
When I try to access the router from the VM :
root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
I get the following message
root@Ubuntu-VM:~/.ssh# ssh user@10.1.1.1
Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
On the router console I get this:
%SSH-3-NO_MATCH: No matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
On both cases the "No matching cipher found" is displayed but don't know on which side is the problem, so any advise would be appreciated.
Thank you.
18.04 openssh cisco
18.04 openssh cisco
edited Dec 20 '18 at 23:51
waltinator
22k74169
22k74169
asked Dec 20 '18 at 23:35
olg32olg32
11
11
1
It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
). Readman ssh
, use the-v
option, maybe try the-1
and-2
options.
– waltinator
Dec 20 '18 at 23:48
add a comment |
1
It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
). Readman ssh
, use the-v
option, maybe try the-1
and-2
options.
– waltinator
Dec 20 '18 at 23:48
1
1
It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (
aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
). Read man ssh
, use the -v
option, maybe try the -1
and -2
options.– waltinator
Dec 20 '18 at 23:48
It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (
aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
). Read man ssh
, use the -v
option, maybe try the -1
and -2
options.– waltinator
Dec 20 '18 at 23:48
add a comment |
1 Answer
1
active
oldest
votes
Thanks,
The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1103480%2fproblems-accessing-a-cisco-router-from-ubuntu-18-04-via-ssh%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks,
The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.
add a comment |
Thanks,
The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.
add a comment |
Thanks,
The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.
Thanks,
The issue was on the /etc/ssh/ssh_config file as ciphers are disabled by default on Ubuntu 18.04. Once I removed the comment sigh (#) I could login the router with no problem.
answered Dec 28 '18 at 2:33
olg32olg32
11
11
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1103480%2fproblems-accessing-a-cisco-router-from-ubuntu-18-04-via-ssh%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
It means that the cryptographic algorithm choices offered by the client didn't match ANY of the cryptographic algorithm choices offered by the server (
aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
). Readman ssh
, use the-v
option, maybe try the-1
and-2
options.– waltinator
Dec 20 '18 at 23:48