Just tried to connect to a couple of old Cisco Switches from Ubuntu 22.04
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.2 LTS
Release: 22.04
Codename: jammy
The Problem – (I think this is a WS-C2960X)
ssh 10.11.12.13
# output
Unable to negotiate with 10.11.12.13 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
The Resolution
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostkeyAlgorithms=+ssh-rsa 10.11.12.13
Step by Step Example of Fixing the Problem when connecting to a WS-C2960G-48TC-L
This shows the process of adding command line options based on the “Their offer:” reply from the switch until you finally get a login prompt
ssh 10.11.12.14
# output
Unable to negotiate with 10.11.12.14 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
So add KexAlgorithms
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 10.11.12.14
# output
Unable to negotiate with 10.11.12.14 port 22: no matching host key type found. Their offer: ssh-rsa
Then add HostkeyAlgorithms
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostkeyAlgorithms=+ssh-rsa 10.11.12.14
# output
Unable to negotiate with 10.11.12.14 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Then add Cipher (-c) and finally we have a login prompt
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostkeyAlgorithms=+ssh-rsa -c aes128-cbc 10.11.12.14
# output
([email protected]) Password:
Sometimes things are so old you have to go Old-Old School
Sometimes you try to connect with ssh and you get
ssh 10.11.12.25
#
ssh: connect to host 10.11.12.25 port 22: Connection refused
So then you might need to install a telnet client
sudo apt-get install telnet
Try again with telnet
telnet 10.11.12.25
# output
Trying 10.11.12.25...
Connected to 10.11.12.25.
Escape character is '^]'.
User Access Verification
Username:
0 Comments