cancel
Showing results for 
Search instead for 
Did you mean: 

icx7150 upgrade to 09.0.10d breaks unleashed management of switch

matt_radecic
New Contributor

I know this seems to be a known issue with 09.0.10d but I haven't seen a workaround to get the ICX switch to properly connect in the unleashed AP. 

sshd: Unable to negotiate with 192.168.x.x port xxxxx: no matching host key type found. Their offer: ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss

is there a solution to ensuring that icx devices on the latest FW are compatible with R510 / R710 

r710 unleashed AP: Current firmware version:  200.12.10.105.129

5 REPLIES 5

BenBeck
Moderator
Moderator

I was able to get it to work with:

SSH@ICX(config)#crypto key gen ec size 384

 

Ben Beck, RCNA, Principal Technical Support Engineer
support.ruckuswireless.com/contact-us

any other configuration changes? I think I tried so many different things that I'm in a non-idea state. is there a latest and greatest optimal out of the box config? I need to reload the switch as I zeroized the keys and broke ssh. I might as well reset factory and then set up 

the quick start guide is out of date now with the deprecated commands. 

I assume the above command would go first before anything else?

device> enable
    device# configure terminal
    device(config)# crypto-ssl certificate generate
    device(config)# username <username> password <password>
    device(config)# aaa authentication login default local
    device(config)# aaa authentication web-server default local
    device(config # no telnet server
    device(config # enable aaa console
    device(config)# web-management https
    device(config)# password-change any
    device(config)# ip ssh timeout 30
    device(config)# ip ssh idle-time 20
    device(config)# console timeout 30
    device(config)# write memory
    device(config)# exit
    device#

That was the only change for me (creating EC key pair). What do you see in:

show ip ssh config

The command I gave will just generate an elliptical key pair. You can have RSA and EC both present on the device. More details on the command here:

https://docs.commscope.com/bundle/fastiron-09010-commandref/page/GUID-74724EE0-E8FB-46A1-8FBA-9E2F34...

If you locked yourself out (no SSH keys and telnet disabled), you can just physically console to the device and create an SSH key (use the command I gave prior). You should then be able to access again. 

 

Ben Beck, RCNA, Principal Technical Support Engineer
support.ruckuswireless.com/contact-us

vesalius
New Contributor III
SSH@ICX(config)#crypto key gen ec size 384

This worked for me. Not immediately,  but eventually unleashed now can login and see my icx7150. Upgraded to 200.13… tonight and the login persisted.