Login

Navigation

This articles is published 541 days ago and last updated 526 days ago, some information may be out of date.

Fixing Key Exchange and Cipher Issues on Cisco SG300-10P Switch

cisco-ssh.jpg


Problem of SSH

Here is the "No Matching Key Exchange Method Found" error on your Cisco SG300-10P switch.

When attempting to establish an SSH connection with the following command:

ssh [email protected]
In This Case
Login NameSwitch IP
root10.1.1.1

An error is encountered due to incompatible key exchange and cipher methods:

Unable to negotiate with 10.1.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

Unable to negotiate with 10.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,arcfour,aes192-cbc,aes256-cbc


Solution

To resolve the issue, create a new SSH configuration file and restart the SSH service:

  1. Run the following command to create a new configuration file, cisco_sg300.conf, in the /etc/ssh/ssh_config.d/ directory:

    sudo bash -c 'cat > /etc/ssh/ssh_config.d/cisco_sg300.conf << EOF
    HostkeyAlgorithms ssh-dss,ssh-rsa
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    EOF'

OR minimum algorithms to be compatible with more devices.

sudo cat > /etc/ssh/ssh_config.d/cisco_sg300.conf << EOF
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
HostKeyAlgorithms +ssh-rsa
Ciphers +aes128-cbc
EOF
  1. Restart the SSH service for the changes to take effect:

    sudo systemctl restart ssh.service

2023-06-29_203122.png


Conclusion

Encountering errors such as "No Matching Key Exchange Method Found" and "No Matching Cipher Found" on your Cisco SG300-10P Network Switch can be frustrating, but they can be resolved with a few simple steps.