SSH issue, unable to login into a Cisco router

I bought some Cisco devices in order to practice on real equipment for my CCNA exam.

After unpacking the devices and buying a console cable, I started to explore the Cisco 2911 router capabilities.

The first thing that I did was to connect an Ethernet cable from the Cisco router to my computer.


Next step, I configured the interface with an IP address and configured SSH on the router. If you want to check the steps for configuring SSH on your Cisco router or switch, take a look here: 8 steps to configure SSH on a Cisco router or switch.

SSH issue description

Unfortunately, when I tried using SSH to log in to my Cisco router from my Ubuntu machine, I received the following error. The SSH client and server failed to agree on the key exchange algorithm.

petru@ubuntu-dev:~$ ssh -l petru 172.16.10.1
Unable to negotiate with 172.16.10.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

I then tried to connect from my macOS machine. I faced the same SSH problem. Did you ever encounter a similar SSH issue?

In this post, I want to show you how to fix it.

Change the default config for your SSH client

You are facing this SSH issue because the diffie-hellman-group1-sha1 key exchange method is disabled in recent SSH client versions. In order to address the issue, you will need to edit the default SSH client config.

Open the file /etc/ssh/ssh_config and add the following lines at the end:

sudo vim /etc/ssh/ssh_config

# Lines added by Petru in order to be able to SSH to Cisco devices
HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1

You need to un-comment the line below in the ssh_config file.

Before:

Commented Ciphers option

After:

Un-commented Ciphers option

Restart the SSH service

Do not forget to restart the SSH service in order for these changes to take effect. Otherwise, the SSH issue won’t disappear. 🙂

Restart SSH service

After restarting the service, make sure that the status for SSH service is active (running).

Test the connectivity to your Cisco device via SSH

Finally, it is time to test the connectivity to your Cisco router or switch via SSH and confirm that the SSH issue is resolved.

Run a similar command. Adjust it according to your environment.

ssh -l petru 172.16.10.1
Successful SSH connection from Ubuntu Linux
Successful SSH connection from macOS

It seems that the connection is successful.
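
Lines added to /etc/ssh/ssh_config outside a Host block apply to every server the client connects to, not only the Cisco device. As an added example (not part of the original post), the shell function below reads ssh negotiation errors and prints a Host-scoped stanza for ~/.ssh/config, so the legacy algorithms are enabled for the named device only. It goes beyond the key exchange error shown above to the host key, cipher and MAC variants of the same message; the function name and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn ssh "Unable to negotiate" errors into Host-scoped
# config stanzas instead of enabling legacy algorithms globally.

# Sample input. Line 1 is the error from the post; lines 2-3 are constructed.
SAMPLE='Unable to negotiate with 172.16.10.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.0.2.7 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc
Connection closed by 192.0.2.9 port 22'

# host_stanza (hypothetical helper): error lines on stdin, stanzas on stdout.
host_stanza() {
    while IFS= read -r line; do
        # Only negotiation failures that list the server's offer are useful.
        case $line in
            "Unable to negotiate with "*"Their offer: "*) ;;
            *) continue ;;
        esac
        host=${line#"Unable to negotiate with "}
        host=${host%% port *}
        offer=${line##*"Their offer: "}
        # Map the failure reason to the ssh_config option that controls it.
        case $line in
            *"no matching key exchange method found"*) opt=KexAlgorithms ;;
            *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
            *"no matching cipher found"*)              opt=Ciphers ;;
            *"no matching MAC found"*)                 opt=MACs ;;
            *) continue ;;
        esac
        # The offer is server-controlled text: refuse anything that is not a
        # plain host or algorithm list before writing it into a config file.
        case $host in *[!A-Za-z0-9.:_-]*) continue ;; esac
        case $offer in ""|*[!A-Za-z0-9@.,_-]*) continue ;; esac
        # "+" appends to the client's defaults rather than replacing them.
        printf 'Host %s\n    %s +%s\n' "$host" "$opt" "$offer"
    done
    return 0
}

printf '%s\n' "$SAMPLE" | host_stanza
```

Review the output before pasting it into ~/.ssh/config, and check each name against `ssh -Q kex`, `ssh -Q cipher`, `ssh -Q mac` or `ssh -Q key`, because a name the local client does not know makes ssh reject the configuration.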

I hope you find this post useful. Share it on your social media channels so that other people can read it too.
