Short story: With SSH clients based on OpenSSH 7.0 (like my OSX Mac) I cannot connect with SSH to a Cisco firewall. To connect anyway I must add the parameter -oKexAlgorithms=+diffie-hellman-group1-sha1 to ssh. SHA-1 is deprecated as a hash algorithm and should not be used.

In some Cisco ASA firewalls running older code you might find that connecting with ssh to the device gives you an error message similar to this:

bash>ssh to negotiate with 10.192.168.1 port 22: no matching key exchange method found.

The quick fix for this is to temporarily accept sha1 in your ssh client. In OSX you add the parameter -oKexAlgorithms=+diffie-hellman-group1-sha1 to make the client accept sha1:

bash>ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 password:
Type help or '?' for a list of available commands.

The permanent and much better solution is of course to tell the ASA not to use sha1. As a sidenote, there is a new feature that comes with versions 9.6(1) and 9.1(7). There must be an ssh cipher configuration command available; if not, upgrade.
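The negotiation failure above can be reproduced offline by reading the key exchange list out of a server's KEXINIT message and matching it against a client list. This is an added example, not code from the original post; the function names, the sample packet and the client list are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
WEAK_KEX = {"diffie-hellman-group1-sha1"}  # the method named in the post

def build_kexinit(kex):
    """Constructed sample: an unencrypted KEXINIT packet offering `kex`."""
    lists = [",".join(kex)] + ["none"] * 9          # other 9 name-lists: dummy values
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type + 16-byte cookie
    for item in lists:
        payload += struct.pack(">I", len(item)) + item.encode("ascii")
    payload += b"\x00" + struct.pack(">I", 0)       # first_kex_packet_follows, reserved
    pad = 8 - (5 + len(payload)) % 8                # pad whole packet to a multiple of 8
    if pad < 4:
        pad += 8                                    # RFC 4253 requires at least 4 bytes
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)

def parse_kexinit(packet):
    """Return the kex_algorithms name-list (RFC 4253, sections 6 and 7.1)."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_length, padding_length = struct.unpack(">IB", packet[:5])
    end = 4 + packet_length - padding_length        # index just past the payload
    if len(packet) < 4 + packet_length or end < 26:
        raise ValueError("truncated or malformed packet")
    payload = packet[5:end]
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    (n,) = struct.unpack(">I", payload[17:21])      # length of the first name-list
    if 21 + n > len(payload):
        raise ValueError("name-list overruns payload")
    names = payload[21:21 + n].decode("ascii")
    return names.split(",") if names else []

def negotiate(client, server):
    """First client-preferred method the server also offers, else None."""
    return next((k for k in client if k in server), None)

def audit(packet, client):
    """Summarise what a device offers and what this client would agree on."""
    offered = parse_kexinit(packet)
    return {"offered": offered, "chosen": negotiate(client, offered),
            "only_weak": bool(offered) and set(offered) <= WEAK_KEX}

# Constructed inputs: a device offering only group1-sha1, and a client list without it.
OLD_ASA = build_kexinit(["diffie-hellman-group1-sha1"])
CLIENT = ["curve25519-sha256@libssh.org", "diffie-hellman-group14-sha1"]

if __name__ == "__main__":
    print(audit(OLD_ASA, CLIENT))                     # chosen is None: no matching method
    print(audit(OLD_ASA, CLIENT + sorted(WEAK_KEX)))  # with the +group1-sha1 workaround
```

A device that reports only_weak as True is one that needs the permanent fix on the ASA side rather than the client-side workaround.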