Error connecting cisco 6500

bhwang72 · November 21, 2018, 11:09pm

Hi
I am ssh shell user and evaluating core shell.
First thing i tried was connecting my Cisco Catalyst 6500 switch that I always connect.
No issue with ssh shell but i got a following error on core shell.
Can you shed some light on this?

> 09:59:35 Equivalent Command: ssh -tt -A -F "/Users/brhwang/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/config" -o ExitOnForwardFailure=yes admin@10.66.128.11

> 09:59:35 Connecting…

> 09:59:35 Authenticating…

> 09:59:35 Unable to negotiate with 10.66.128.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

> 09:59:35 Abnormal Disconnect

yang · November 22, 2018, 1:38am

Brendon, please enable debug logging, it provides more detailed information and could tell us the real cause:

bhwang72 · November 22, 2018, 2:02am

Hi Yang,

Thank you. I enabled debug3 and captured.

yang · November 22, 2018, 2:41am

Brendon, did you forget attached debug log? Since I could not find it in the thread, nor in my personal message inbox.

bhwang72 · November 22, 2018, 5:11am

I got below email.

We’re sorry, but your email message to [“codinn.community+replies+1438f5dc977eb58536e0cd61d7cd3104@gmail.com”] (titled Re: [Codinn Community] [Core Shell] Error connecting cisco 6500) didn’t work.

Reason:

Sorry, new users can’t put attachments in posts.

If you can correct the problem, please try again.

yang · November 22, 2018, 5:16am

Sorry about this, I just removed attachment restriction, could please attach it again?

bhwang72 · November 22, 2018, 10:01pm

No problem Yang,

Attached debug output in txt file.

Regards,

Brendon

core shell debug.txt (2.98 KB)

yang · November 23, 2018, 1:18am

Thanks a lot for the log, please try using system ssh_config by following this guide:

It should fix the problem.

bhwang72 · November 24, 2018, 1:07pm

Thanks for the guide.

I tried and install helper per instruction but still not working.

I captured the log again.

I am not sure what I am doing wrong.

Regards,

Brendon

sshcore_debug2.txt (2.74 KB)

yang · November 24, 2018, 1:18pm

Ehmmm, strange issue, could not find clue from the log. Could you please run the command in Terminal.app and paste the output?

ssh -tt -A -vvv -o ExitOnForwardFailure=yes admin@10.66.128.11

bhwang72 · November 25, 2018, 12:12am

Thank you.
Here is output in attached txt file.

terminal_debug3.txt (4.09 KB)

yang · November 25, 2018, 3:24am

The log file really helped, thank you.

I didn't realize that algorithm diffie-hellman-group1-sha1 was deprecated by OpenSSH 7.0+.

To suppress this error message, just set KexAlgorithms option in Core Shell to +diffie-hellman-group1-sha1:

But I would recommend you change to other more secured algorithms at server end once you get a chance.

bhwang72 · November 25, 2018, 6:49am

Thank you so much. That helped!!

Btw, I never set this particular SSH configuration on that switch but it appeared to be older method.

Let me find how to change it to more secured one.

One last question.

Since i’m happy using SSH Shell, I still don’t know what’s the main benefit for me to migrate to Core Shell?

I understand end of support on SSH Shell.

Any info would be appreciated.

Regards,

Brendon

yang · November 25, 2018, 8:09am

Take this case as example: if you configure your OpenSSH server to use more secured algorithm ecdh-sha2-nistp521 (for option KexAlgorithms), SSH Shell would fail to connect to the remote, but Core Shell will succeed.

Core Shell almost 100% support your server’s configuration, in a more efficient way. While SSH Shell supports in approximately 70%.