Reset Search
 

 

Article

S-series devices cannot scp to Extreme Management server after the server is upgraded to version 8.2.x

« Go Back

Information

 
TitleS-series devices cannot scp to Extreme Management server after the server is upgraded to version 8.2.x
Symptoms
  • When the S-series device is setup to use SCP in Extreme Management firmware upgrade and archive attempts will fail.
  • If you ssh from the S-series to the Extreme Management server it will fail with the following output:  no kex alg
Environment
  • S-series 
  • Extreme Management 8.2.x and above
  • NetSight Console
Cause
The S-series supports diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1. Both of these are considered weak and are disabled now by default in OpenSSH 7.2.
Resolution
The best solution is to upgrade the firmware on the device:
The S-series device can be upgraded to version 08.63.05 or higher

Extreme Management can add the weak support back in using the following:
1. ssh into the XMC server 
2. edit your /etc/ssh/sshd_config and add the following line to the end of the file: 

KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 

3. Save the file. 
4. issue the following command to restart sshd: service sshd restart
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255