I built a CLI shortcut to ssh the config over to an Ubuntu box (with an SMB share mounted to the user home directory).
cli alias name archive copy startup-config scp://[email protected]//home/sw-backup/Cisco/Switch/Nexus/NexusB vrf default
This is so I can easily push my config out to a Windows file server via the "SSH gateway" box. I tried some freebie and Trial SSH Server software on Windows and had too many reliability issues. That was resolved with the Linux box in the middle. It's been stable for quite some time.
I copy files over to this server from all of our routers, switches and Call Manager backups.
I recently updated Nexus to version 7.1(4)N1(1). Now when I attempt to copy I receive an error:
nnn-nexus-b# archive
No matching ciphers found. Client (10.130.9.35) supported ciphers :
aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,[email protected].
se .Server supported ciphers : [email protected],aes128
-ctr,aes192-ctr,aes256-ctr,[email protected],aes256-gcm@openss
h.com
lost connection
nnn-nexus-b#
I found the following that looks promising:
The above link references the SSH Server on the Nexus. I'm reaching out to an Ubuntu 16.04.1 LTS machine. I can't enable the bash shell feature on the 5548UP. I'm guessing I can disable the weak ciphers on Ubuntu.
Here lies the problem. Call Manager backups, IOS and IOS-XE devices are still using the weak cipher if I understand what's going on correctly. If I change the Ubuntu box, I'll break all of these.
What are some thoughts on how to work around this?
Thanks, B-Dog
In your /etc/ssh/sshd_config file, find the line Ciphers and add one of the ciphers your Nexus supports (say, aes256-cbc) to it, keeping the ciphers you already have enabled for your other devices. If the line is not there, add it with the list the server is advertising in your error message and add that cipher to the end, eg:
man sshd_config should list the ciphers your version of openssh supports in the Ciphers section.
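The step described in the answer, as an added example that is not part of the original reply: it un-wraps the Nexus error text, extracts both cipher lists, and builds a Ciphers line that keeps everything the server already advertises and appends a single cipher the client offers. The function names, the constructed sample text and the preference order among CBC ciphers are assumptions made for this illustration.

```python
import re

# Constructed sample modelled on the error in the question (terminal hard
# wraps included); cipher names that are obscured on the page are left out.
SAMPLE_ERROR = """No matching ciphers found. Client (10.130.9.35) supported ciphers :
aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc.Server supported ciphers : aes128
-ctr,aes192-ctr,aes256-ctr,aes256-gcm@openss
h.com
lost connection"""

# Assumption: among the CBC ciphers a legacy client offers, prefer AES with
# the longest key and fall back to 3des-cbc last.
LEGACY_PREFERENCE = ["aes256-cbc", "aes192-cbc", "aes128-cbc", "3des-cbc"]

ERROR_RE = re.compile(
    r"Client \([^)]*\) supported ciphers\s*:\s*(.*?)\s*\.\s*"
    r"Server supported ciphers\s*:\s*(.*?)\s*(?:lost connection|$)"
)
NAME_RE = re.compile(r"[A-Za-z0-9@._-]+")


def parse_cipher_error(text):
    """Return (client_ciphers, server_ciphers) from the mismatch message."""
    flat = "".join(text.splitlines())  # undo the terminal's hard wraps
    match = ERROR_RE.search(flat)
    if match is None:
        raise ValueError("not a 'No matching ciphers found' message")
    client, server = ([n.strip() for n in g.split(",") if n.strip()]
                      for g in match.groups())
    for name in client + server:
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"unexpected cipher name: {name!r}")
    return client, server


def ciphers_line(client, server):
    """Build a Ciphers line: the server's current list plus one client cipher."""
    if set(client) & set(server):
        return "Ciphers " + ",".join(server)  # already overlapping, no change
    for candidate in LEGACY_PREFERENCE:
        if candidate in client:
            return "Ciphers " + ",".join(server + [candidate])
    raise ValueError("client offers no cipher from the preference list")


if __name__ == "__main__":
    print(ciphers_line(*parse_cipher_error(SAMPLE_ERROR)))
```

Compare the resulting line with the output of ssh -Q cipher on the Ubuntu box, and run sshd -t after editing /etc/ssh/sshd_config so a bad line is caught before sshd is reloaded.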