Wednesday, March 21, 2018

SSH No Matching Cipher Found With SSH to Older Cisco Gear

I've seen this error on recent SSH versions, including the OpenSSH used by OS X and others:

Unable to negotiate with 192.168.77.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

Several people suggest modifying your local ssh client config. However, I'd rather not use 3DES unless I have to. So, I created an alias and put it in .bash_profile:

alias ssho='ssh -c 3des-cbc'

After a quick . ~/.bash_profile, I can ssh with the alias:

ssho 192.168.77.1
password:

Of course, the best fix would be to update IOS on the Cisco gear.
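
A variation on the alias above, as an added example that is not part of the original post: it reads the "Their offer:" list from the negotiation error and passes ssh the strongest CBC cipher the device actually offers, so 3des-cbc is used only when no AES mode is available. The function names pick_cipher and ssho_auto and the preference order are assumptions of this example.

```bash
# Added example (not from the original post).
# Preference order is an assumption: AES-CBC modes first, 3DES as a last resort.
PREFERRED_CIPHERS="aes256-cbc aes192-cbc aes128-cbc 3des-cbc"

# pick_cipher "<ssh error text>"
# Prints the first preferred cipher found in the server's "Their offer:" list.
# Returns 1 if the text has no offer list or nothing acceptable is offered.
pick_cipher() {
    offer=${1##*Their offer: }           # keep only the comma-separated list
    [ "$offer" != "$1" ] || return 1     # marker absent: not a negotiation error
    for want in $PREFERRED_CIPHERS; do
        case ",$offer," in
            *",$want,"*) printf '%s\n' "$want"; return 0 ;;
        esac
    done
    return 1
}

# ssho_auto HOST [ssh args...]
# Probes once without prompting (BatchMode) to capture the negotiation error,
# then connects with the single chosen cipher. Hosts that negotiate normally
# get a plain ssh with the client's default cipher list untouched.
ssho_auto() {
    host=$1; shift
    err=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$host" true 2>&1 \
          | tr -d '\r' | grep 'no matching cipher found' || true)
    if cipher=$(pick_cipher "$err"); then
        echo "legacy device, using -c $cipher" >&2
        ssh -c "$cipher" "$host" "$@"
    else
        ssh "$host" "$@"
    fi
}
```

For the offer shown in the error above, pick_cipher selects aes256-cbc rather than 3des-cbc.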
