networking - Lubuntu 18.04 can't SSH to Cisco Router: no matching key exchange method found. Their offer: diffie-hellman-group1-

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

性感的小蝌蚪 · 小米路由器 4A 千兆版刷入 OpenWrt· 昨天 ·

傻傻的豆浆 · VSCode无法启动：Waiting ...· 昨天 ·

满身肌肉的甜瓜 · [Remote-SSH Bug]: ...· 昨天 ·

爱听歌的刺猬 · VSCode无法启动：Waiting ...· 昨天 ·

叛逆的镜子 · 如何在 Digital Ocean 上部署 ...· 4 天前 ·

私奔的柳树 · Linux ...· 3 周前 ·

失望的针织衫 · Integrate a database ...· 3 周前 ·

爱逃课的牛腩 · FastStone Image ...· 6 月前 ·

强健的吐司 · 【远程E5文章】远程汽车远程E5文章_新远程 ...· 1 年前 ·

善良的水煮鱼 · 如何用DIV+CSS做漂亮的横排导航栏-百度经验· 1 年前 ·

Stack Exchange network consists of 176 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange

Ask Ubuntu is a question and answer site for Ubuntu users and developers. It only takes a minute to sign up.

I'm not sure if this problem caused by Lubuntu or Cisco Router side.

Lubuntu = 192.168.1.100
Cisco Router = 192.168.1.1
SSH from Lubuntu to Cisco Router
user@linux:~$ ssh -V
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
user@linux:~$
user@linux:~$ ssh [email protected]
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
user@linux:~$ 
This is on Cisco Router side
*Mar  1 01:41:19.631: SSH2 0: no matching cipher found: client [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],
SSH Verbose
user@linux:~$ ssh 192.168.1.1 -l admin -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x60000000
debug1: Authenticating to 192.168.1.1:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
user@linux:~$ 
More Cisco Log
R1(config)#ip ssh logging events
R1(config)#
R1(config)#
*Mar  1 01:56:21.723: SSH2 0: no matching cipher found: client [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],
R1(config)#
*Mar  1 01:56:21.723: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.1.100 (tty = 0) using crypto cipher '', hmac '' Failed
*Mar  1 01:56:21.723: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.1.100 (tty = 0) for user '' using crypto cipher '', hmac '' closed
R1(config)#
What is the problem here and how to fix it?
Update 1
I've tried these as suggested here but it didn't solve the problem
user@linux:~$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.1
Unable to negotiate with 192.168.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
user@linux:~$ 
user@linux:~$ ssh -oHostKeyAlgorithms=+ssh-dss 192.168.1.1
Unable to negotiate with 192.168.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
user@linux:~$ 
                @OrganicMarble, I've updated my question with more log. Hopefully one of them will answer your question. If not, let me know what kind of authorization method(s) are you looking here.
– Sabrina
                Mar 31 at 12:45
The problem is the Cisco router. Ubuntu's ssh client proposes a default set of modern and secure encryptions and the router proposes another set (with legacy algorithms) and they have none in common.
You can force ssh to add the weak legacy algorithms to its list of proposals:
From the command line:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.1
or adding the option to ~/.ssh/config
Host 192.168.1.1
  KexAlgorithms +diffie-hellman-group1-sha1
As explained here (you have other solutions there), that might be not be enough and you might have to enable ssh-dss too.
ssh -oHostKeyAlgorithms=+ssh-dss 192.168.1.1
or adding the option to ~/.ssh/config
Host 192.168.1.1
  HostKeyAlgorithms +ssh-dss
                does it now work : do you get an error message? Also, please note I added another option to the answer.
– Eduardo Trápani
                Mar 31 at 13:14
        Thanks for contributing an answer to Ask Ubuntu!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.

Stack Exchange Network