Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

%SSH-3-NO_MATCH: No matching hostkey algorithm found:

HI Team,

Can anyone update me the possible reason for the below error.

%SSH-3-NO_MATCH: No matching hostkey algorithm found: client ssh-dss server ssh-rsa
%SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp256 server ssh-rsa
%SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp384 server ssh-rsa
%SSH-3-NO_MATCH: No matching hostkey algorithm found: client ecdsa-sha2-nistp521 server ssh-rsa
%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

It appears the client is

It appears the client is setup to only accept advanced (Next Generation Encryption - NGE) cryptographic algorithms and the server offers a public key using the older RSA encryption method. the mismatch cause the attempted connection to fail.

Either the client needs to relax the requirements or a new public key need to be generated on the server (possibly after upgrading the software to allow the administrator to choose NGE algorithms when creating the public key). IOS on an ISR G2 router, for example, requires version 15.2(4) M or later. Reference.

1 REPLY
Hall of Fame Super Silver

It appears the client is

It appears the client is setup to only accept advanced (Next Generation Encryption - NGE) cryptographic algorithms and the server offers a public key using the older RSA encryption method. the mismatch cause the attempted connection to fail.

Either the client needs to relax the requirements or a new public key need to be generated on the server (possibly after upgrading the software to allow the administrator to choose NGE algorithms when creating the public key). IOS on an ISR G2 router, for example, requires version 15.2(4) M or later. Reference.

6142
Views
5
Helpful
1
Replies