I will share with you here a case about CE6800 being unable to log in via SSH after the upgrade.
Issue Description
1. The original version of the CE6800 is V100R006. A PC can access the CE6800 in SSH mode normally.
2. After the CE6800 is formatted and upgraded to V200R001C00 version and the previous configuration is restored, the PC cannot access the CE6800 in SSH mode.
Handling Process
An error is reported on the client, indicating that the authentication fails.
Disconnected: No supported authentication methods
Root Cause
Compared with earlier versions of V200R001C00SPC100, the default SSH algorithm has changed.
When the switch starts with an empty configuration file after being upgraded to V200R001C00SPC100 or later, the switch uses the default algorithm to negotiate with clients.
If the algorithm used by the client does not have the default algorithm configured in V200R001C00SPC100, the negotiation between the switch and client fails.
Description of the command used to configure an encryption algorithm in V100R006
ssh server cipher
The ssh server cipher command configures an encryption algorithm list for an SSH server.
The undo ssh server cipher command restores the default encryption algorithm list on the SSH server.
By default, an SSH server supports the following encryption algorithms: 3DES_CBC, AES128_CBC, AES256_CBC, AES128_CTR, and AES256_CTR.
Description of the command used to configure an encryption algorithm in V200R001C00
ssh server cipher
The ssh server cipher command configures an encryption algorithm list for an SSH server.
The undo ssh server cipher command restores the default encryption algorithm list on the SSH server.
By default, an SSH server supports AES256_CTR and AES128_CTR when it starts with an empty configuration file. When the switch starts with a configuration file, an SSH server supports 3DES_CBC, AES128_CBC, AES256_CBC, AES128_CTR, and AES256_CTR.
Solution
Run the undo ssh server cipher command to restore default algorithms of 3DES_CBC, AES128_CBC, AES256_CBC, AES128_CTR, and AES256_CTR.