After the CE6800 Is Upgraded, A User Fails to Log In to the CE6800 in SSH Mode

51 0 1 0

I will share with you here a case about CE6800 being unable to log in via SSH after the upgrade.

Issue Description

1. The original version of the CE6800 is V100R006. A PC can access the CE6800 in SSH mode normally.

2. After the CE6800 is formatted and upgraded to V200R001C00 version and the previous configuration is restored, the PC cannot access the CE6800 in SSH mode. 

spacer.gifHandling Process

An error is reported on the client, indicating that the authentication fails.

Disconnected: No supported authentication methods

Root Cause

Compared with earlier versions of V200R001C00SPC100, the default SSH algorithm has changed.
When the switch starts with an empty configuration file after being upgraded to V200R001C00SPC100 or later, the switch uses the default algorithm to negotiate with clients.

If the algorithm used by the client does not have the default algorithm configured in V200R001C00SPC100, the negotiation between the switch and client fails.

Description of the command used to configure an encryption algorithm in V100R006

ssh server cipher
The 
ssh server cipher command configures an encryption algorithm list for an SSH server.

The undo ssh server cipher command restores the default encryption algorithm list on the SSH server.

By default, an SSH server supports the following encryption algorithms: 3DES_CBC, AES128_CBC, AES256_CBC, AES128_CTR, and AES256_CTR.

Description of the command used to configure an encryption algorithm in V200R001C00

ssh server cipher
The 
ssh server cipher command configures an encryption algorithm list for an SSH server.

The undo ssh server cipher command restores the default encryption algorithm list on the SSH server.

By default, an SSH server supports AES256_CTR and AES128_CTR when it starts with an empty configuration file. When the switch starts with a configuration file, an SSH server supports 3DES_CBC, AES128_CBC, AES256_CBC, AES128_CTR, and AES256_CTR.

spacer.gifSolution

Run the undo ssh server cipher command to restore default algorithms of 3DES_CBC, AES128_CBC, AES256_CBC, AES128_CTR, and AES256_CTR.


  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login