Educational ICT Virtualisation Specialist

Twitter LinkedIn E-mail
Precedence Technologies Ltd
Technology House, 36a Union Lane
Cambridge, CB4 1QB, United Kingdom
T: +44 (0)8456 446 800 / +44 (0)1223 359900
E: enquiries@precedence.co.uk
HP-ssh

Wiki Home

Tools

Jump To: Support > KB > NetworkMan > HP > ssh

Enabling ssh connections to older HP switches

On the switch

If you get Connection refused when trying to ssh to a switch, then ssh is not enabled. This is the default on a 2510G-24 for example. To enable, run the following from the cli:
config
crypto key generate ssh
ip ssh
write memory

On the client

Old switches use old ciphers and algorithms. Newer ssh clients generally still support these old methods, but will not use them unless explicitly told to do so. For example:
# ssh admin@192.168.10.1
Unable to negotiate with 192.168.10.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
# ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 manager@192.168.10.1
Unable to negotiate with 192.168.10.1 port 22: no matching cipher found. Their offer: des,3des-cbc
# ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oCiphers=+3des-cbc manager@192.168.10.1

[success]
To make this permanent, if your switches are all on the same IP range (e.g. 192.168.10.x) add the following to your /etc/ssh/ssh_config file:
Host 192.168.10.*
        KexAlgorithms +diffie-hellman-group1-sha1
        Ciphers +3des-cbc
© Copyright Precedence Technologies 1999-2024
Page last modified on February 19, 2024, at 10:01 AM by sborrill