Bernhard
just joined
Topic Author
Posts: 9
Joined: Mon Apr 12, 2021 4:42 pm
Location: Vienna / Austria

SSH-Session to Cisco not possible (ROS v7.8) - no matching key algorithm

Mon Mar 13, 2023 12:46 pm

Dear Gurus,
I try to connect to a Cisco Catalyst 9200 (Cisco IOS XE Software, Version 17.03.04b) via Tools -> Telnet -> SSH, which leads to an immediate disconnect.
I enabled the /ip/ssh strong-crypto to get over problems with the MAC algorithm. That is working now - they do hmac-sha2-256.
But then I stumble across the kex algorithm:
  • Mikrotik offers: curve25519-sha256,diffie-hellman-group-exchange-sha256,ext-info-c
  • Cisco offers: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
So we have no match.
Is there a possibility to get connected?

Thanks a lot,
Bernhard
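
The failure described in the post above can be reproduced offline. This is an added example, not part of the thread and not MikroTik or Cisco code: it applies the key-exchange selection rule from RFC 4253, section 7.1 (the first method on the client's list that the server also lists) to the two lists quoted in the post. The workstation list is a constructed sample, and the extra host-key compatibility conditions of the RFC are left out.

```python
# Added example: SSH key-exchange selection per RFC 4253, section 7.1.
# Simplification: the RFC's host-key compatibility conditions are ignored.

# Markers that travel in the kex name-list but are not key-exchange methods
# (RFC 8308 extension negotiation, OpenSSH strict-kex).
PSEUDO = {"ext-info-c", "ext-info-s",
          "kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}


def parse_name_list(raw):
    """Split a comma-separated SSH name-list, dropping pseudo-algorithms."""
    names = (part.strip() for part in raw.split(","))
    return [n for n in names if n and n not in PSEUDO]


def negotiate_kex(client_raw, server_raw):
    """Return the first client-listed method the server also lists, else None."""
    server = set(parse_name_list(server_raw))
    for name in parse_name_list(client_raw):
        if name in server:
            return name
    return None  # no common method: the peer disconnects during key exchange


# Lists quoted in the post above.
MIKROTIK_CLIENT = "curve25519-sha256,diffie-hellman-group-exchange-sha256,ext-info-c"
CISCO_SERVER = ("ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
                "diffie-hellman-group14-sha1")

# Constructed sample list for a general-purpose workstation client (assumption,
# not taken from the thread).
WORKSTATION_CLIENT = ("curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
                      "diffie-hellman-group-exchange-sha256,ext-info-c")

if __name__ == "__main__":
    for label, offer in (("MikroTik", MIKROTIK_CLIENT),
                         ("workstation", WORKSTATION_CLIENT)):
        result = negotiate_kex(offer, CISCO_SERVER)
        print(f"{label} -> Cisco: {result or 'no matching kex algorithm'}")
```

With a jump host, the key exchange with the switch is performed end to end by the workstation's client, so it is that client's list, not the router's, that has to overlap with the Cisco list.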
 
mkx
Forum Guru
Posts: 11587
Joined: Thu Mar 03, 2016 10:23 pm

Re: SSH-Session to Cisco not possible (ROS v7.8) - no matching key algorithm

Mon Mar 13, 2023 2:34 pm

> Is there a possibility to get connected?

Yes ... using a full-blown ssh client which in fact still implements outdated algorithms but doesn't have them enabled by default.
 
Bernhard

Re: SSH-Session to Cisco not possible (ROS v7.8) - no matching key algorithm

Tue Mar 14, 2023 4:48 pm

> > Is there a possibility to get connected?
>
> Yes ... using a full-blown ssh client which in fact still implements outdated algorithms but doesn't have them enabled by default.

What I really wanted to know - is there a possibility to get connected to the cisco switch using a MikroTik router?
Is there a full-blown ssh client for MikroTik Routerboard?
 
mkx

Re: SSH-Session to Cisco not possible (ROS v7.8) - no matching key algorithm

Tue Mar 14, 2023 6:29 pm

> > Yes ... using a full-blown ssh client which in fact still implements outdated algorithms but doesn't have them enabled by default.
>
> What I really wanted to know - is there a possibility to get connected to the cisco switch using a MikroTik router?
> Is there a full-blown ssh client for MikroTik Routerboard?

It seems it's not possible using built-in ssh client at the moment.

Not really. Some Mikrotik routers, running v7 (e.g. 7.8) can run containers ... and you could include full-blown ssh client in a container. Not exactly light-weight solution ... if I would need connectivity and none of linux machines running all the time, I'd go with raspberry pi ...
 
Bernhard

Re: SSH-Session to Cisco not possible (ROS v7.8) - no matching key algorithm

Tue Mar 14, 2023 7:01 pm

OK - thanks. Doesn't make me happy.
 
eworm
Forum Guru
Posts: 1071
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: SSH-Session to Cisco not possible (ROS v7.8) - no matching key algorithm

Thu Mar 16, 2023 9:18 am

You want the network traffic to originate from the Mikrotik device (from Cisco device's point of view), but you do this from your workstation, no? You can use ssh jump host functionality for this. Search for these keywords for details.

The call would look something like this:
ssh -J admin@mikrotik -o enable-legacy-option -o enable-deprecated-option admin@cisco
Works well with Mikrotik device as jump host.