Got it
Enterprise
Community Forums Switches
After the CE6800 Is Upgra...

After the CE6800 Is Upgraded, A User Fails to Log In to the CE6800 in SSH Mode

172 0 1 0
display all floors #1

I will share with you here a case about CE6800 being unable to log in via SSH after the upgrade.

Issue Description

1. The original version of the CE6800 is V100R006. A PC can access the CE6800 in SSH mode normally.

2. After the CE6800 is formatted and upgraded to V200R001C00 version and the previous configuration is restored, the PC cannot access the CE6800 in SSH mode. 

spacer.gifHandling Process

An error is reported on the client, indicating that the authentication fails.

Disconnected: No supported authentication methods

Root Cause

Compared with earlier versions of V200R001C00SPC100, the default SSH algorithm has changed.
When the switch starts with an empty configuration file after being upgraded to V200R001C00SPC100 or later, the switch uses the default algorithm to negotiate with clients.

If the algorithm used by the client does not have the default algorithm configured in V200R001C00SPC100, the negotiation between the switch and client fails.

Description of the command used to configure an encryption algorithm in V100R006

ssh server cipher
The ssh server cipher command configures an encryption algorithm list for an SSH server.

The undo ssh server cipher command restores the default encryption algorithm list on the SSH server.

By default, an SSH server supports the following encryption algorithms: 3DES_CBC, AES128_CBC, AES256_CBC, AES128_CTR, and AES256_CTR.

Description of the command used to configure an encryption algorithm in V200R001C00

ssh server cipher
The ssh server cipher command configures an encryption algorithm list for an SSH server.

The undo ssh server cipher command restores the default encryption algorithm list on the SSH server.

By default, an SSH server supports AES256_CTR and AES128_CTR when it starts with an empty configuration file. When the switch starts with a configuration file, an SSH server supports 3DES_CBC, AES128_CBC, AES256_CBC, AES128_CTR, and AES256_CTR.

spacer.gifSolution

Run the undo ssh server cipher command to restore default algorithms of 3DES_CBC, AES128_CBC, AES256_CBC, AES128_CTR, and AES256_CTR.


  • x
  • convention:

Helpful (1) Favorite(0) Share Report
Previous: MAC Address Flapping Occurs Between Eth-Trunk Member Interfaces on the CE6850 Switches
Next: Multicast service abnormal due to the exceeded error packet on S9306
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.

APP

Huawei Enterprise Support Community
Huawei Enterprise Support Community
Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.