Derek

Reputation: 367

Connecting to a Cisco Switch with crypto/ssh

I am using this code https://gist.github.com/svett/b7f56afc966a6b6ac2fc as a starting point.

Using it and pointing it to a Cisco router gets me the following error message:

Failed to dial: ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128], server offered: [aes128-cbc 3des-cbc aes192-cbc aes256-cbc]

After doing some reading, I learned that I could enable aes128-cbc by customizing the config:

// CBC mode is insecure and so is not included in the default config.
// (See http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf). If absolutely
// needed, it's possible to specify a custom Config to enable it.

So I added:

HostKeyAlgorithms: []string{"aes128cbcID"},

to my ssh.ClientConfig and I got a different error:

Failed to dial: ssh: handshake failed: ssh: no common algorithm for host key; client offered: [aes128cbcID], server offered: [ssh-rsa]

This basically makes me think I'm specifying the HostKeyAlgorithm when I need to specify the client to server cipher, but I cannot find my way around well enough to figure out how to do so.

Any ideas?

Upvotes: 5

Views: 1488

Answers (1)

Mr_Pink

Reputation: 109442

What you want is to set the Ciphers field in the client's config. It's in the common ssh.Config struct, embedded in the ssh.ClientConfig.

sshConfig.Ciphers = []string{"aes128-cbc"}

Upvotes: 7
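The two handshake errors in the question and the effect of the answer's fix, as an added example that is not part of the original posts and is not crypto/ssh code: a standard-library-only model of the per-category, first-match-on-the-client's-list selection that SSH uses. The `Offer` type and the function names are hypothetical; the algorithm lists are taken from the error messages in the question.

```go
package main

import "fmt"

// Offer models two of the lists each side sends: host key algorithms and client-to-server ciphers.
type Offer struct{ HostKey, Ciphers []string }

// pick returns the first entry of client that server also lists (RFC 4253, section 7.1).
func pick(client, server []string) (string, bool) {
	for _, c := range client {
		for _, s := range server {
			if c == s {
				return c, true
			}
		}
	}
	return "", false
}

// Negotiate checks host keys before ciphers and names the first category with no overlap.
func Negotiate(client, server Offer) (hostKey, cipher string, err error) {
	hostKey, ok := pick(client.HostKey, server.HostKey)
	if !ok {
		return "", "", fmt.Errorf("no common algorithm for host key")
	}
	if cipher, ok = pick(client.Ciphers, server.Ciphers); !ok {
		return "", "", fmt.Errorf("no common algorithm for client to server cipher")
	}
	return hostKey, cipher, nil
}

// WithFallback keeps preferred in order and appends legacy entries not already present.
func WithFallback(preferred []string, legacy ...string) []string {
	out := append([]string{}, preferred...)
	for _, l := range legacy {
		if _, dup := pick([]string{l}, out); !dup {
			out = append(out, l)
		}
	}
	return out
}

// CTR ciphers from the client's offer and the switch's lists, as shown in the question's errors.
var CTR = []string{"aes128-ctr", "aes192-ctr", "aes256-ctr"}
var Switch = Offer{HostKey: []string{"ssh-rsa"}, Ciphers: []string{"aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc"}}

func main() {
	client := Offer{HostKey: []string{"ssh-rsa"}, Ciphers: WithFallback(CTR, "aes128-cbc")}
	fmt.Println(Negotiate(client, Switch)) // ssh-rsa aes128-cbc <nil>
}
```

The slice returned by `WithFallback` is the kind of value the answer assigns to `sshConfig.Ciphers`. Keeping the CTR entries first means the CBC cipher is selected only when the server offers nothing else.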
