Fixing Key Exchange and Cipher Issues on Cisco SG300-10P Switch
Here is the "No Matching Key Exchange Method Found" error on your
When attempting to establish an SSH connection with the following command:
In This Case
|Login Name||Switch IP|
An error is encountered due to incompatible key exchange and cipher methods:
Unable to negotiate with 10.1.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,arcfour,aes192-cbc,aes256-cbc
To resolve the issue, create a new SSH configuration file and restart the SSH service:
Run the following command to create a new configuration file,
cisco_sg300.conf, in the
sudo bash -c 'cat > /etc/ssh/ssh_config.d/cisco_sg300.conf << EOF
HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
EOF'
Or use the minimum set of algorithms, to be compatible with more devices:
# sudo does not apply to the shell's > redirection, so the file is written through tee
sudo tee /etc/ssh/ssh_config.d/cisco_sg300.conf > /dev/null << EOF
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
HostKeyAlgorithms +ssh-rsa
Ciphers +aes128-cbc
EOF
Restart the SSH service for the changes to take effect:
sudo systemctl restart ssh.service
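The files above contain no Host line, so the legacy key exchange, host key and cipher algorithms are enabled for every outgoing SSH connection from this machine. As an added example (not part of the original page), the script below writes the same minimum options inside a Host block for the switch address shown in the error output, and lists any algorithm overrides in a file that still apply to all hosts. The function names and the temporary sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: function names and sample files are constructed.
# 10.1.1.1 is the switch address from the error output above.

# Write the legacy algorithms inside a Host block, so they are offered only
# when the target matches and every other host keeps the OpenSSH defaults.
write_scoped_conf() {   # write_scoped_conf <host-pattern> <output-file>
    cat > "$2" << EOF
Host $1
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    HostKeyAlgorithms +ssh-rsa
    Ciphers +aes128-cbc
EOF
}

# Print algorithm overrides that apply to every host: lines that come before
# the first Host/Match block, or that sit under "Host *" / "Match all".
global_overrides() {    # global_overrides <config-file>
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, ""); key = tolower($1) }
        key == "host"  { scoped = !(NF == 2 && $2 == "*"); next }
        key == "match" { scoped = (tolower($2) != "all"); next }
        !scoped && key ~ /^(kexalgorithms|hostkeyalgorithms|ciphers)$/ {
            print FILENAME ": " $0
        }
    ' "$1"
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1' \
    'HostKeyAlgorithms +ssh-rsa' \
    'Ciphers +aes128-cbc' > "$demo_dir/global.conf"
write_scoped_conf 10.1.1.1 "$demo_dir/scoped.conf"

echo "global.conf:"; global_overrides "$demo_dir/global.conf"
echo "scoped.conf:"; global_overrides "$demo_dir/scoped.conf"
```

The same global_overrides function can be pointed at each file under /etc/ssh/ssh_config.d to find overrides that were left unscoped.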
Encountering errors such as "No Matching Key Exchange Method Found" and "No Matching Cipher Found" on your Cisco SG300-10P Network Switch can be frustrating, but they can be resolved with a few simple steps.