Welcome to the VanDyke Software Forums

  #1  
Old 02-24-2020, 01:28 PM
bgagnon
VanDyke Technical Support

How-To: Change session configuration to be compatible with Cisco WLC devices

bgagnon: 02-26-2020, 9:54am : I've attached a Python script that should make the host key algorithm change easier.



Are you getting the following error when connecting to Cisco WLC devices?

The server has disconnected with an error. Server message reads:
A protocol error occurred. Bye Bye

If so, you likely need to change the session configuration to prefer a new host key algorithm and use a new key exchange method (available in SecureCRT v7.3 and later).

In the Key exchange grouping in the Connection / SSH2 category of Session Options:
  • Move ecdh-sha2-nistp256 to the top (and make sure it is enabled)

The host key algorithm change is a little complicated. I have added this thread to a feature request to expose this in the GUI.
  • Take note of the config folder location in the General / Configuration Paths category of SecureCRT's Global Options

  • Close all instances of SecureCRT and SecureFX

  • Go to the config folder location; inside the Sessions subfolder, locate the session INI for the session you wish to change (or change Default.ini if an ad hoc connection)

  • Make the following edits:
    From:
    D:"Use Global Host Key Algorithms"=00000001
    S:"Host Key Algorithms"=ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null,x509v3-sign-rsa,x509v3-sign-dss,ssh-dss

    To:
    D:"Use Global Host Key Algorithms"=00000000
    S:"Host Key Algorithms"=ecdsa-sha2-nistp256,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null,x509v3-sign-rsa,x509v3-sign-dss,ssh-dss
    NOTE: These two entries should be just one line each (no wrapping). Also, the host key algo string in your session INI may differ in content; what is important is to move ecdsa-sha2-nistp256 so it is the very first one after the equal sign. (Be sure to maintain the format of comma-delimited with no space after the comma for the string of algorithms.)

  • Save changes
Attached Files
File Type: txt ReorderHostKeyAlgoOrderingToPreferSpecifiedAlgo.py.txt (9.2 KB, 3665 views)
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

Last edited by bgagnon; 02-26-2020 at 01:51 PM. Reason: Added script option
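
Added example, not part of the original post and not the attached VanDyke script: a Python sketch of the two INI edits described above, applied to the text of a session INI. The function name, the sample hostname line and the choice to keep the remaining algorithms in their existing order are assumptions; reading and writing the file (with SecureCRT and SecureFX closed, and a backup copy kept) is left to the caller.

```python
USE_GLOBAL = 'D:"Use Global Host Key Algorithms"'
HOST_KEYS = 'S:"Host Key Algorithms"'

def prefer_host_key_algo(ini_text, algo="ecdsa-sha2-nistp256"):
    """Return ini_text with `algo` first in the session's host key list
    and the global-list flag set to 00000000 (use the per-session list)."""
    out, seen_flag, seen_list = [], False, False
    for line in ini_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]              # keep the file's own line endings
        key, sep, value = body.partition("=")
        if sep and key == USE_GLOBAL:
            seen_flag = True
            body = f"{USE_GLOBAL}=00000000"
        elif sep and key == HOST_KEYS:
            seen_list = True
            algos = [a.strip() for a in value.split(",") if a.strip()]
            if algo not in algos:
                # The post only describes moving an entry that is already listed.
                raise ValueError(f"{algo} is not in this session's list")
            algos = [algo] + [a for a in algos if a != algo]
            body = f"{HOST_KEYS}=" + ",".join(algos)   # commas, no spaces
        out.append(body + eol)
    if not (seen_flag and seen_list):
        raise ValueError("host key settings not found in this INI text")
    return "".join(out)

# Constructed sample: the hostname line is illustrative; the other two
# entries are the "From" values quoted in the post.
SAMPLE_INI = (
    'S:"Hostname"=wlc.example.net\r\n'
    'D:"Use Global Host Key Algorithms"=00000001\r\n'
    'S:"Host Key Algorithms"=ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,'
    'ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null,x509v3-sign-rsa,'
    'x509v3-sign-dss,ssh-dss\r\n'
)

if __name__ == "__main__":
    print(prefer_host_key_algo(SAMPLE_INI), end="")
```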
Tags
cisco wlc, host key algorithm, key exchange algorithm, protocol error
