Rocky 8.x SSH client Connecting to old network devices with legacy protocols and ciphers

From Notes_Wiki
Revision as of 06:48, 10 December 2022 by Saurabh


If, while connecting to a network device (e.g. a TP-Link AP or switch), you get an error similar to one of the following:

    Unable to negotiate with 192.168.4.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

    Unable to negotiate with 192.168.4.11 port 22: no matching host key type found. Their offer: ssh-dss

    Unable to negotiate with 192.168.4.11 port 22: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

then the issue can be solved by using:

    ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c aes256-cbc <username>@<fqdn-or-ip>

Each option addresses one of the errors listed above: -oKexAlgorithms for the key exchange error, -oHostKeyAlgorithms for the host key type error, and -c for the cipher error.
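
As an added example (not part of the original wiki page), the shell function below maps each of the three error types above to the one option that addresses it, so only the legacy algorithms the device actually requires get enabled. The function names, the cipher preference order and the choice of the first offered algorithm are assumptions of this example.

```shell
# Added example: map ssh "Unable to negotiate" errors to the narrowest
# client options. Reads error lines on stdin, prints the options.

# Cipher preference order is an assumption of this example.
CIPHER_PREF="aes256-cbc aes192-cbc aes128-cbc 3des-cbc"

# pick_cipher OFFER: print the first preferred cipher found in the
# comma-separated server offer; return 1 if none matches.
pick_cipher() {
    for want in $CIPHER_PREF; do
        case ",$1," in
            *",$want,"*) printf '%s\n' "$want"; return 0 ;;
        esac
    done
    return 1
}

# legacy_ssh_opts: print the needed options, space-separated, on one line.
legacy_ssh_opts() {
    opts=""
    while IFS= read -r line; do
        case "$line" in
            *"Their offer: "*) offer=${line##*"Their offer: "} ;;
            *) continue ;;   # not a negotiation error, ignore
        esac
        offer=$(printf '%s' "$offer" | tr -d ' \r')
        first=${offer%%,*}   # first algorithm the server offered
        case "$line" in
            *"no matching key exchange method found"*)
                opts="$opts -oKexAlgorithms=+$first" ;;
            *"no matching host key type found"*)
                opts="$opts -oHostKeyAlgorithms=+$first" ;;
            *"no matching cipher found"*)
                if c=$(pick_cipher "$offer"); then opts="$opts -c $c"; fi ;;
        esac
    done
    printf '%s\n' "${opts# }"
}

# Demo on the cipher error line from this page: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    legacy_ssh_opts <<'EOF'
Unable to negotiate with 192.168.4.11 port 22: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
EOF
fi
```

ssh reports only the first mismatch per connection attempt, so rerun it with the options gathered so far until the connection succeeds.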

