Work Story
At work we recently replaced a switch with a brand new out of the box switch. One of the guys on my team updated the configuration and OS on the switch. I plugged the new switch in the place of the old switch and connected everything that goes to the switch, and nothing worked right.
Problems:
It's one of two switches in a VLT pair and they were both coming up "standalone"
When we'd ssh to the switch we'd get the "No matching key exchange method found" message.
Solution:
Upload the correct OS on the switch which had VLT features and the correct sha-256 algorithms.
In the meantime there were two ways to get around the fact that we could only use sha-1 algorithms, edit the ssh_config file or specify the algorithm you want ssh to use when typing out the ssh command.
Here's how to specify the algorithm when typing the ssh command
Type command below. Keep in mind, you can use whatever algorithm is being requested in place of the algorithm I used.
ssh -o KexAlgorithms=diffie-hellman-group-exchange-sha1 username@hostnameHere's how to edit the ssh_config file.
Open ssh_config file in text editor of your choice.
The command below opens it in Vim.
sudo vim /etc/ssh/ssh_configLocate this line
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
Remove # and insert the below encryption in between hmac-sha1, and umac-64@openssh.com
The line should look like this afterward. You may be able to paste this line in place of the other one (I would just type it in, but do you.)
MACs hmac-md5,hmac-sha1,hmac-sha2-256,umac-64@openssh.com,hmac-ripemd160Remove # from this line
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
Paste the following at the bottom of the file.
HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1Save file and try to SSH to the device that had problems.