Home Cisco IOS - 'No matching host key type found' During SSH
Post
Cancel

Cisco IOS - 'No matching host key type found' During SSH

Christopher Hart on Sep 24, 20222022-09-24T00:00:00-04:00
1 min read

A common issue seen when attempting to SSH into a network device running Cisco’s IOS or IOS-XE operating system using an OpenSSH client is as follows:

1
2

christopher@ubuntu-playground:~$ ssh 192.168.10.3
Unable to negotiate with 192.168.10.3 port 22: no matching host key type found. Their offer: ssh-rsa

This issue can be solved by adding the following lines to the ~/.ssh/config file. Change the 192.168.10.3 IP address to the IP address or FQDN (Fully Qualified Domain Name) of the Cisco IOS network device:

1
2

Host 192.168.10.3
    HostkeyAlgorithms +ssh-rsa

You can also resolve this without modifying your SSH configuration file by adding -oHostkeyAlgorithms=+ssh-rsa to your SSH command as shown below:

1

christopher@ubuntu-playground:~$ ssh 192.168.10.3 -oHostkeyAlgorithms=+ssh-rsa

Note: After making this change, you may receive a no matching key exchange method found error message when attempting to SSH into the Cisco IOS network device once more. If so, add the KexAlgorithms +diffie-hellman-group1-sha1 line underneath the relevant Host entry for the IP address or FQDN corresponding with the Cisco IOS network device in the ~/.ssh/config file. Alternatively, add -oKexAlgorithms=+diffie-hellman-group1-sha1 to your SSH command. For more information, see the Cisco IOS - “No matching key exchange found” During SSH article.

After adding these lines to the ~/.ssh/config file, attempt to SSH into the Cisco IOS network device once more. You should now be able to SSH into the network device successfully.

1
2
3
4
5
6
7
8
9

christopher@ubuntu-playground:~$ ssh 192.168.10.3
The authenticity of host '192.168.10.3 (192.168.10.3)' can't be established.
RSA key fingerprint is SHA256:0NLraq4nXUC/CsyVmuVCmFRwVfhSzTeYtHWT0E42L0Q.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.10.3' (RSA) to the list of known hosts.
([email protected]) Password: 

C3560-CX#

If you add the extra parameters to your SSH command instead, you should also be able to SSH into the network device successfully.

1
2
3
4

christopher@ubuntu-playground:~$ ssh 192.168.10.3 -oHostkeyAlgorithms=+ssh-rsa
([email protected]) Password:

C3560-CX#
This post is licensed under CC BY-NC-SA by the author.

Cisco IOS - 'No matching key exchange found' During SSH

Refactoring Python Network Automation for Unit Tests

Trending Tags