I recently implemented SSH configuration on my 3750G switch stack.
I have
-set the domain name
-generated the rsa key using 2048 bits
-ensured that the vty lines are set to transport input ssh
Now I am getting an error from multiple telnet/ssh clients saying more or less the following.
I have already tried zeroizing the RSA key and generating a new 2048 bit key, but the same issue still persists.
I dont seem to have an issue with other switch stacks at other locations (although those are 3750X's not 3750G's). Is this a known issue with this particular IOS or model?
I am currently running the following:
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 52 WS-C3750G-48TS 12.2(55)SE12 C3750-IPBASEK9-M
* 2 52 WS-C3750G-48PS 12.2(55)SE12 C3750-IPBASEK9-M
3 52 WS-C3750G-48PS 12.2(55)SE12 C3750-IPBASEK9-M
4 52 WS-C3750G-48PS 12.2(55)SE12 C3750-IPBASEK9-M
Best Answer
Your SSH client is saying "we can't agree on the cipher: server wants X but I'm configured not to speak X". This is a completely general SSH problem, not specifically related to this model of switch, which is that the SSH clients are regularly changed, usually to disallow older, weaker, ciphers. This isn't about key length, it's about cipher algorithms.
Your choices include:
Example with a router running old software:
OpenSSH gives advice on this issue here: https://www.openssh.com/legacy.html
Another possibility might be to add some kind of external SSH-to-serial unit, though some will regard this as the worst of all worlds, but it might give good ciphers across SSH.