How to modify default key exchange method for ciscodump and sshdump?
Although I've been learning network monitoring for a while now, I was unable to locate a manual or guide on how to make them work. I generated several types of RSA encryption key file, set up the Cisco SSH server with password-only authentication, and I still get an error message on various types of devices. I tried to set up Windows's OpenSSH service, but its manual is missing some key points on how and what to write in the config files to set this up properly. If anyone could guide me I would be very grateful.
When using the SSH protocol, a range of key exchange (KEX) methods is offered and the client and server then choose one based on a set of rules. It is generally possible to limit what is supported in order to force the KEX algorithm when running SSH clients and/or servers. From your description, though, I don't see how this is the likely solution to your problem, which sounds like basic SSH connectivity. There are multiple moving parts to using these extcap tools in Wireshark, so how about starting with the basics: what host OS is running Wireshark: Windows, macOS, Linux? What target system are you trying to connect to: Linux, a Cisco router, something else?
Tip: before you try using these tools in Wireshark, make sure you can use ssh from the CLI of the Wireshark host OS to make connections as the user you plan to use, and that ...(more)
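To make the negotiation rule in the answer above concrete, here is an added example (not code from this thread, from Wireshark or from libssh) that replays RFC 4253 section 7.1 over the name-lists a Cisco IOS server advertises. The debug lines it parses are constructed, modelled on the "kexinit sent" output posted later in the thread; the kex and mac lists are completed by hand because the thread truncates them, and the client's lists are an assumed hardened configuration. Encryption and MAC are collapsed to one direction, and the first_kex_packet_follows guess and the host-key/kex compatibility check of the RFC are left out.

```python
"""Replay SSH algorithm negotiation (RFC 4253 section 7.1) against the
name-lists a Cisco IOS server advertises in its KEXINIT.

Added example, not code from the thread, Wireshark or libssh.  SERVER_DEBUG is
constructed, modelled on the IOS "kexinit sent" debug output in the thread; the
kex and mac lines are completed by hand because the thread truncates them.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, replace

# Constructed IOS "debug ip ssh" style output, one KEXINIT name-list per line.
SERVER_DEBUG = """\
*Feb 16 16:56:03.562: SSH2 0: kexinit sent: kex algo = diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
*Feb 16 16:56:03.562: SSH2 0: Server certificate trustpoint not found. Skipping hostkey algo = x509v3-ssh-rsa
*Feb 16 16:56:03.562: SSH2 0: kexinit sent: hostkey algo = ssh-rsa,rsa-sha2-256,rsa-sha2-512
*Feb 16 16:56:03.562: SSH2 0: kexinit sent: encryption algo = chacha20-poly1305@openssh.com,3des-cbc,aes128-cbc,aes128-ctr,aes128-gcm,aes128-gcm@openssh.com,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,aes256-gcm
*Feb 16 16:56:03.563: SSH2 0: kexinit sent: mac algo = hmac-sha1,hmac-sha2-256,hmac-sha2-256-etm@openssh.com
"""

# Only the lines that actually carry a KEXINIT name-list; the "Skipping
# hostkey algo" line is informational and must not be picked up.
_KEXINIT_RE = re.compile(r"kexinit sent: (kex|hostkey|encryption|mac) algo = (\S+)")


@dataclass(frozen=True)
class KexInit:
    """The four name-lists that decide the outcome of negotiation.
    Real KEXINIT carries separate c2s and s2c encryption/MAC lists; they
    are collapsed to a single direction here."""
    kex: list[str]
    hostkey: list[str]
    encryption: list[str]
    mac: list[str]


class NegotiationError(ValueError):
    """No algorithm in common on one list (what OpenSSH reports as
    'Unable to negotiate ...: no matching key exchange method found')."""


def parse_ios_kexinit(debug_text: str) -> KexInit:
    """Pull the advertised name-lists out of IOS 'kexinit sent' debug lines."""
    lists: dict[str, list[str]] = {}
    for match in _KEXINIT_RE.finditer(debug_text):
        lists[match.group(1)] = match.group(2).split(",")
    missing = {"kex", "hostkey", "encryption", "mac"} - lists.keys()
    if missing:
        raise ValueError(f"debug output lacks name-lists: {sorted(missing)}")
    return KexInit(**lists)


def _first_common(client: list[str], server: list[str], what: str) -> str:
    # RFC 4253 7.1: the client's preference order wins; the chosen algorithm
    # is the first one on the client's list that the server also lists.
    for name in client:
        if name in server:
            return name
    raise NegotiationError(f"no matching {what} found. Their offer: {','.join(server)}")


def negotiate(client: KexInit, server: KexInit) -> dict[str, str]:
    """Return the algorithm chosen for each list, or raise NegotiationError."""
    return {
        "kex": _first_common(client.kex, server.kex, "key exchange method"),
        "hostkey": _first_common(client.hostkey, server.hostkey, "host key type"),
        "encryption": _first_common(client.encryption, server.encryption, "cipher"),
        "mac": _first_common(client.mac, server.mac, "MAC"),
    }


def allow_kex(client: KexInit, *extra: str) -> KexInit:
    """Append key exchange methods after the client's preferred ones, the
    effect of OpenSSH's 'KexAlgorithms +name' client setting."""
    return replace(client, kex=client.kex + [e for e in extra if e not in client.kex])


# Assumed hardened client: no SHA-1 key exchange, no CBC ciphers.
HARDENED_CLIENT = KexInit(
    kex=["curve25519-sha256", "curve25519-sha256@libssh.org",
         "ecdh-sha2-nistp256", "diffie-hellman-group16-sha512"],
    hostkey=["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"],
    encryption=["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes256-ctr"],
    mac=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
)

if __name__ == "__main__":
    server = parse_ios_kexinit(SERVER_DEBUG)
    try:
        negotiate(HARDENED_CLIENT, server)
    except NegotiationError as err:
        print("hardened client:", err)
    relaxed = allow_kex(HARDENED_CLIENT, "diffie-hellman-group14-sha1")
    print("relaxed client:", negotiate(relaxed, server))
```

Run as-is, the hardened client fails on the kex list even though every other list has an overlap, and only adding diffie-hellman-group14-sha1 to the client side (at the end, so a better method is still preferred against servers that offer one) makes the whole handshake negotiable. That is the mechanism behind the answer's point: whichever side you can configure, you force the method by changing what that side lists, not by changing the server's debug output.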
Hi Bob,
Thanks for your answer. I'm able to ssh to all devices from the normal ssh command line, or from any other program where I can set up the preferences. Unfortunately Wireshark uses libssh, which doesn't know the ssh ProxyCommand. I set up the device's SSH server and generated several different RSA key methods, but in the end the remote capture doesn't work. Neither ciscodump nor sshdump. The funniest thing is, when it finally reached the older Cisco router (IOS 16), it flew away with an interesting error. I attach the log file; I hope you can see something that helps me out:
C:\Program Files\Wireshark\extcap>ssh baroh@192.0.2.50
baroh@192.0.2.50's password:
Permission denied, please try again.
baroh@192.0.2.50's password:
C4331-1#exit
Connection to 192.0.2.50 closed by remote host.
Connection to 192.0.2.50 closed.
C:\Program Files ...(more)
On the device's side:
C4331-1(config)#
*Feb 16 16:55:51.903: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file
C4331-1(config)#
*Feb 16 16:56:03.562: SSH0: starting SSH control process
*Feb 16 16:56:03.562: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
*Feb 16 16:56:03.562: SSH0: protocol version id is - SSH-2.0-libssh_0.11.1
*Feb 16 16:56:03.562: SSH2 0: ssh2_server_key_exchange: kexinit sent: kex algo = diffie-hellman-group14-sha1,diffie-he...
*Feb 16 16:56:03.562: SSH2 0: Server certificate trustpoint not found. Skipping hostkey algo = x509v3-ssh-rsa
*Feb 16 16:56:03.562: SSH2 0: kexinit sent: hostkey algo = ssh-rsa,rsa-sha2-256,rsa-sha2-512
*Feb 16 16:56:03.562: SSH2 0: kexinit sent: encryption algo = chacha20-poly1305@openssh.com,3des-cbc,aes128-cbc,aes128-ctr,aes128-gcm,aes128-gcm@openssh.com,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,aes256-gcm
*Feb 16 16:56:03.563: SSH2 0: kexinit sent: mac algo = hmac-sha1,hmac-sha2-256,hmac-sha2-256-etm ...(more)
*Feb 16 16:56:03.802: SSH2 0: send:packet of length 16 (length also includes padlen of 10)
*Feb 16 16:56:03.802: SSH2 0: newkeys: mode 1
*Feb 16 16:56:03.803: SSH2 0: SSH2_MSG_NEWKEYS sent
*Feb 16 16:56:03.803: SSH2 0: Preparing SSH2_MSG_EXT_INFO server-sig-algs<ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-ed25519,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,x509v3-rsa2048-sha256,x509v3-ssh-rsa>
*Feb 16 16:56:03.803: SSH2 0: send:packet of length 260 (length also includes padlen of 4)
*Feb 16 16:56:03.803: SSH2 0: SSH2_MSG_EXT_INFO sent
*Feb 16 16:56:03.803: SSH2 0: waiting for SSH2_MSG_NEWKEYS
*Feb 16 16:56:03.815: SSH2 0: ssh_receive: 16 bytes received
*Feb 16 16:56:03.815: SSH2 0: input: total packet length of 16 bytes
*Feb 16 16:56:03.815: SSH2 0: partial packet length(block_size)8 bytes, needed 8 bytes, maclen 0
*Feb 16 ...(more)
and the cmd error at the end:
* (ciscodump:10740) 17:50:07.698789 [Extcap WARNING] C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\extcap\ssh-base.c:236 -- create_ssh_connection(): Error importing key from C:\ProgramData\ssh\ssh_host_rsa_key_2.pub. Make sure it is a valid private key file and any necessary passphrase is configured.
* (ciscodump:10740) 17:50:09.419560 [ciscodump WARNING] C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\extcap\ciscodump.c:1536 -- check_ios_version(): Unrecognized type of control software.