I have a situation where a client has a mixed vendor network. The client needs to be able to open SSH v2 sessions from one device to another in a "hop-to-hop" situation in case of faults.
The issue arises when trying to SSH from a cat6500 to a Nortel 8600, where basically the SSH connection fails. If using SSH v1, the connection works; if using another SSH client to connect SSH v2 to the Nortel, the connection succeeds. However, using the inbuilt SSH client on the cat 6500 fails with a "SSH CLIENTTO: key exchenge failure (code = 0)" in the Cisco debug and a "SSH ERROR no hostkey alg" in the Nortel log.
Attached is a text file showing some of the debug output and log output from both devices.
The 6500 is running s222-ipservicesk9_wan-mz.122-18.SXF8.bin.
Any help would be appreciated, including the fact I may have missed something obvious.
Note: I have a Nortel colleague also looking into this.
OK, I looked into this further.
The reason is that DSA-based keys are not supported by IOS SSH. Nortel does not support RSA-based keys for SSH, and hence SSH from Cisco devices does not work.
There is an enhancement request for DSA support on Cisco devices:
CSCej86682 Crypto: DSA is not supported in IOS
There is no ETA as far as when this will be fixed. But it will.
Let me know if you have other questions in order to resolve this post.