Network Management


airwave not able to ssh to cisco switch

  • 1.  airwave not able to ssh to cisco switch

    Posted Aug 20, 2020 05:09 PM

    When the airwave 8.2.10.1 tries to log on with ssh to a cisco switch, I get the following message on the Cisco: SW1: SSH2 0: kex algo not supported: client diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ext-info-c, server dif.

     

    The airwave message is: Telnet/SSH Error: (pattern match timed-out) in username or password prompt: Unable to negotiate with 192.168.174.242 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 )

    The userid and password are correct in the setup for the device in airwave.

    Anyone have any thoughts on how to fix this?



  • 2.  RE: airwave not able to ssh to cisco switch

    EMPLOYEE
    Posted Aug 21, 2020 05:50 AM

    From these messages, it looks to me that the switch is only offering insecure ciphers (group1-sha1), and Airwave refuses to connect because of that. Over the last versions Airwave has been hardened based on security audit findings from our customers, and this could be one of the results of that.

     

    Can you enable strong SSH ciphers on your switch? Or upgrade the firmware to a newer version that supports secure ciphers?

     

    Alternatively, you could reach out to Aruba Support and ask if they could add these insecure ciphers to what Airwave uses to connect to network devices.



  • 3.  RE: airwave not able to ssh to cisco switch

    EMPLOYEE
    Posted Aug 24, 2020 10:03 AM

    Could you try enabling Compatible Ciphers from the Airwave CLI as ampadmin and check the status?
    We can enable it from option 3 (Configuration) --> 5 (SSHD) --> 2 (Use Compatible Ciphers).
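
Added example, not part of the thread and not Aruba or Cisco code: a Python script that parses the two error messages quoted in the first post and shows that the client and the switch share no key exchange method. The function names are hypothetical, and the set of methods flagged as weak is an assumption that contains only the one the first reply calls insecure.

```python
import re

# Messages copied from the first post of this thread.
AIRWAVE_MSG = ("Telnet/SSH Error: (pattern match timed-out) in username or "
               "password prompt: Unable to negotiate with 192.168.174.242 port 22: "
               "no matching key exchange method found. "
               "Their offer: diffie-hellman-group1-sha1 )")
CISCO_MSG = ("SW1: SSH2 0: kex algo not supported: client "
             "diffie-hellman-group14-sha1,ecdh-sha2-nistp256,"
             "ecdh-sha2-nistp384,ext-info-c, server dif.")

# Assumption for this example: only the method the reply calls insecure.
WEAK_KEX = {"diffie-hellman-group1-sha1"}
# RFC 8308 extension markers travel in the KEX list but are not KEX methods.
PSEUDO_KEX = {"ext-info-c", "ext-info-s"}

CLIENT_RE = re.compile(r"Unable to negotiate with (\S+) port (\d+): "
                       r"no matching (.+?) found\. Their offer: (\S+)")
CISCO_RE = re.compile(r"kex algo not supported: client (\S+) server")


def split_algos(raw):
    """Split a comma-separated name-list, dropping blanks and markers."""
    return [a for a in raw.split(",") if a and a not in PSEUDO_KEX]


def parse_client_error(line):
    """Client error as quoted above -> (host, port, what failed, server offer)."""
    m = CLIENT_RE.search(line)
    if not m:
        return None
    return m.group(1), int(m.group(2)), m.group(3), split_algos(m.group(4))


def parse_cisco_debug(line):
    """Cisco 'kex algo not supported' line -> the client's offered methods."""
    m = CISCO_RE.search(line)
    return split_algos(m.group(1)) if m else None


def diagnose(client_offer, server_offer):
    """Report the shared methods and whether the server offers only weak ones."""
    common = [a for a in client_offer if a in server_offer]
    weak_only = bool(server_offer) and set(server_offer) <= WEAK_KEX
    return {"common": common, "server_weak_only": weak_only}


if __name__ == "__main__":
    host, port, what, server = parse_client_error(AIRWAVE_MSG)
    result = diagnose(parse_cisco_debug(CISCO_MSG), server)
    print(f"{host}:{port} no matching {what}: {result}")
```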