Error connecting cisco 6500

kex-algorithms

(Brendon Hwang) #1

Hi
I am an SSH Shell user and am evaluating Core Shell.
The first thing I tried was connecting to my Cisco Catalyst 6500 switch that I always connect to.
No issue with SSH Shell, but I got the following error on Core Shell.
Can you shed some light on this?

> 09:59:35 Equivalent Command: ssh -tt -A -F "/Users/brhwang/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/config" -o ExitOnForwardFailure=yes admin@10.66.128.11

> 09:59:35 Connecting…

> 09:59:35 Authenticating…

> 09:59:35 Unable to negotiate with 10.66.128.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

> 09:59:35 Abnormal Disconnect


(Yang.Y) #2

Brendon, please enable debug logging, it provides more detailed information and could tell us the real cause:


(Brendon Hwang) #3

Hi Yang,

Thank you. I enabled debug3 and captured.


(Yang.Y) #4

Brendon, did you forget to attach the debug log? I could not find it in the thread, nor in my personal message inbox.


(Brendon Hwang) #5

I got the email below.

We’re sorry, but your email message to [“codinn.community+replies+1438f5dc977eb58536e0cd61d7cd3104@gmail.com”] (titled Re: [Codinn Community] [Core Shell] Error connecting cisco 6500) didn’t work.

Reason:

Sorry, new users can’t put attachments in posts.

If you can correct the problem, please try again.


(Yang.Y) #6

Sorry about this. I just removed the attachment restriction; could you please attach it again?


(Brendon Hwang) #7

No problem Yang,

Attached debug output in txt file.

Regards,

Brendon

core shell debug.txt (2.98 KB)


(Yang.Y) #8

Thanks a lot for the log, please try using system ssh_config by following this guide:

It should fix the problem.


(Brendon Hwang) #9

Thanks for the guide.

I tried and installed the helper per the instructions, but it is still not working.

I captured the log again.

I am not sure what I am doing wrong.

Regards,

Brendon

sshcore_debug2.txt (2.74 KB)


(Yang.Y) #10

Ehmmm, strange issue, I could not find a clue in the log. Could you please run the command in Terminal.app and paste the output?

ssh -tt -A -vvv -o ExitOnForwardFailure=yes admin@10.66.128.11

(Brendon Hwang) #11

Thank you.
Here is the output in the attached txt file.

terminal_debug3.txt (4.09 KB)


(Yang.Y) #12

The log file really helped, thank you.

I didn’t realize that the algorithm diffie-hellman-group1-sha1 was deprecated by OpenSSH 7.0+.

To suppress this error message, just set the KexAlgorithms option in Core Shell to +diffie-hellman-group1-sha1:

But I would recommend that you change to other, more secure algorithms at the server end once you get a chance.
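
One way to turn the negotiation error from this thread into a fix scoped to the single legacy device instead of a global setting (added example, not part of the original posts and not Core Shell's code). It goes beyond the thread's KexAlgorithms case to OpenSSH's equivalent cipher, MAC and host key errors; the function names and the second log line are constructed for illustration.

```python
import re

# Wording of each OpenSSH client negotiation error -> the ssh_config option
# that controls that algorithm class.
OPTION_FOR = {
    "key exchange method": "KexAlgorithms",
    "host key type": "HostKeyAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
}

NEGOTIATION_ERROR = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port \d+: "
    r"no matching (?P<what>key exchange method|host key type|cipher|MAC) found\. "
    r"Their offer: (?P<offer>\S+)"
)


def parse_failures(log_text):
    """Return (host, option, offered_algorithms) for every negotiation failure."""
    return [
        (m["host"], OPTION_FOR[m["what"]], m["offer"].split(","))
        for m in NEGOTIATION_ERROR.finditer(log_text)
    ]


def scoped_config(failures):
    """Build one Host block per device, re-enabling only what that device needs."""
    per_host = {}
    for host, option, offer in failures:
        # Enable just the first offered algorithm: one match is enough to connect.
        per_host.setdefault(host, {})[option] = offer[0]
    blocks = []
    for host, options in per_host.items():
        lines = [f"Host {host}"]
        # '+' appends to the client's defaults, so modern algorithms stay preferred.
        lines += [f"    {opt} +{alg}" for opt, alg in options.items()]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks)


# Constructed sample: the first line is the error quoted in the thread; the
# second is an invented cipher failure on a documentation address.
SAMPLE_LOG = """\
09:59:35 Unable to negotiate with 10.66.128.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
10:02:11 Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc
"""

if __name__ == "__main__":
    print(scoped_config(parse_failures(SAMPLE_LOG)))
```

The printed text is an ssh_config fragment; because each option sits under a `Host` block, the deprecated algorithm stays disabled for every other server.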


(Brendon Hwang) #13

Thank you so much. That helped!!

Btw, I never set this particular SSH configuration on that switch, but it appeared to be an older method.

Let me find out how to change it to a more secure one.

One last question.

Since I’m happy using SSH Shell, I still don’t know what the main benefit of migrating to Core Shell is for me.

I understand the end of support for SSH Shell.

Any info would be appreciated.

Regards,

Brendon


(Yang.Y) #14

Take this case as an example: if you configure your OpenSSH server to use the more secure algorithm ecdh-sha2-nistp521 (for the option KexAlgorithms), SSH Shell would fail to connect to the remote, but Core Shell will succeed.

Core Shell supports almost 100% of your server’s configuration, in a more efficient way, while SSH Shell supports approximately 70%.