SSH Connection between Cisco Router 3845 and ALU 6850

[3rdm4r]

Hello Alcatel-Community,

in my case, i have a network connection between two devices, a cisco-router and a omniswitch from alcatel-lucent.
The occurring problem is the ssh-connection. From the cisco device via ssh to the 6850, following log message:

*Sep 10 16:50:49: SSH2 CLIENT 0: hostkey algo not supported: client ssh-rsa, server ssh-dss
*Sep 10 16:53:50: SSH2 CLIENT 0: hostkey algo not supported: client ssh-rsa, server ssh-dss

The cisco device use the rsa-algorithm for the ssh-key pairs but it looks like the 6850 use the dsa-algorithm.

6850
Listing Directory /flash/network:

drw 2048 Sep 10 15:05 ./
drw 2048 Sep 11 09:02 ../
-rw 91392 Sep 10 10:01 userTable5
-rw 12 Mar 26 13:45 lockoutSetting
-rw 33 Mar 26 13:45 policy.cfg
-rw 404 Mar 26 13:46 ssh_host_dsa_key
-rw 358 Mar 26 13:46 ssh_host_dsa_key.pub


I think that incompatibility between the ssh-algorithms is the reason for that behavior
There are people wit the same issue? There are any way to solve the problem ?

Thank you very much

greetz 3rd!m4r

[benny]

Hello,

I suggest you tell us which IOS/AOS combination you use - otherwise it will be difficult to help you.

B

[3rdm4r]

Hello Benny,

the ios version of the cisco router: Cisco IOS C3845-ADVIPSERVICESK9-M, Version 12.4(12)
and the aos version of the alcatel omniswitch: Alcatel-Lucent 6.4.4.343 R01 GA, June 23, 2011

I'm curious if this is helpfuler

greetz

[benny]

Hi,

Please try to set the Cisco to DSA/DSS as the algorithms have to match on both sides.

Cisco steps:
1. switch# configure terminal
2. switch(config)# ssh key {dsa [force] | rsa [bits [force]]}
3. switch(config)# exit
4. (Optional) switch# show ssh key
5. (Optional) switch# copy running-config startup-config

You can't change that on the OmniSwitch, hence I suggest you do that on the Cisco device.
Make sure you don't cut off your only management connection.

Benny