Configure Linux machine for SSH with Cisco device
Introduction
This page outlines how to configure a Linux machine for use as an SSH client with OpenSSH_9.2 for connecting to Cisco network devices over SSH.
HOW TO
This requires configuration changes, either in the file /etc/ssh/ssh_config or in a separate configuration file in the directory /etc/ssh/ssh_config.d/. This guide uses the latter method, which keeps the device-specific settings in their own file instead of placing everything in /etc/ssh/ssh_config.
Create the new file with a name related to the devices this configuration will be used to connect to, e.g. cisco_device.conf. Next, edit the contents of the file. The first line defines the hosts that this configuration applies to. This is the hostname/IP address used when connecting over SSH; for example, it can be a specific IP address or a range of IP addresses. Below this line is where the specific configuration required for the device is added. For Cisco devices two lines are required: 'KexAlgorithms diffie-hellman-group1-sha1' and 'HostkeyAlgorithms +ssh-rsa'. These may change depending on the Cisco device you are trying to SSH to; however, the differences will be highlighted when a connection attempt over SSH fails.
A list of configuration options can be found in the general /etc/ssh/ssh_config file, where they are commented out by default.
Another approach is to specify options when running the ssh command from the terminal. For example, instead of adding HostkeyAlgorithms to the configuration file, pass the option '-oHostkeyAlgorithms=+ssh-rsa' on the command line. For more information on options, see the ssh man page in the terminal.
Example
/etc/ssh/ssh_config.d/example.conf
Host 192.168.*
    KexAlgorithms diffie-hellman-group14-sha1
    HostkeyAlgorithms +ssh-rsa
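
The failed connection attempts mentioned in the HOW TO name the algorithms the device offers. As an added example (not part of the original page), this shell function turns those error lines into a stanza scoped to one Host pattern. The function name legacy_stanza, the sample address and the constructed error lines are assumptions, and it uses the '+' form so the offered algorithms are appended to the client defaults rather than replacing them.

```shell
#!/bin/sh
# Added example: build a Host-scoped ssh_config stanza from the
# "Unable to negotiate" errors that ssh prints on stderr.
# Hypothetical usage: ssh admin@192.168.1.1 2>&1 | legacy_stanza '192.168.1.1'

legacy_stanza() {
    # $1 = Host pattern for the stanza; ssh error text is read from stdin.
    awk -v host="$1" '
        # Extract the "Their offer:" list. The list is server-controlled text,
        # so accept only characters that occur in algorithm names.
        function offer(line) {
            sub(/.*Their offer: */, "", line)
            sub(/[ \t\r]+$/, "", line)
            if (line !~ /^[A-Za-z0-9@._,+-]+$/) return ""
            return line
        }
        /no matching key exchange method found/ { kex = offer($0) }
        /no matching host key type found/       { hostkey = offer($0) }
        END {
            # No usable negotiation error seen: print nothing, signal failure.
            if (kex == "" && hostkey == "") exit 1
            print "Host " host
            # Names should also appear in `ssh -Q kex` / `ssh -Q key` locally.
            if (kex != "")     print "    KexAlgorithms +" kex
            if (hostkey != "") print "    HostKeyAlgorithms +" hostkey
        }'
}

# Constructed sample: stderr from two failed attempts (example address).
SAMPLE_ERRORS='Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa'

# Print the stanza that would go into a file under /etc/ssh/ssh_config.d/
printf '%s\n' "$SAMPLE_ERRORS" | legacy_stanza '192.168.1.1'
```

Each failed attempt reports only the first mismatch, so rerun ssh after adding a line. `ssh -G 192.168.1.1` prints the effective kexalgorithms and hostkeyalgorithms values for that host.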