https://community.cisco.com/t5/web-security/ssh-issues-after-upgrading-to-async-8-0-m670/m-p/2228530#M3399 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Kindly open a TAC case to get futher assistance. </P><P></P><P>Regards,</P><P>Puja</P></BODY></HTML> Sat, 08 Jun 2013 17:56:20 GMT Puja Mahapatra 2013-06-08T17:56:20Z https://community.cisco.com/t5/web-security/ssh-issues-after-upgrading-to-async-8-0-m670/m-p/2228529#M3398 <P>I can no longer connect to 2 WSA from the M670 appliance after upgrading to 8.0.&nbsp; I get prompted for credentials then it just hangs when I input my credentials.</P><P></P><P>Before running this latest AsyncOS update release, I checked the configuration of the log subscription files to verify the SSH1 setting and it was not configured.&nbsp; Apparently, there were other configurations that use SSH1 that I was not aware of so it was not checked and changed.&nbsp; Just on a side note, I tried to run the command 'logconfig &gt; hostkeyconfig' (via Putty) on the M670 appliance but the command would run and it would immediately exit out of Putty so I was not able to view or change the SSH settings.</P> Fri, 07 Jun 2013 00:27:54 GMT https://community.cisco.com/t5/web-security/ssh-issues-after-upgrading-to-async-8-0-m670/m-p/2228529#M3398 HT Managed_Services 2013-06-07T00:27:54Z https://community.cisco.com/t5/web-security/ssh-issues-after-upgrading-to-async-8-0-m670/m-p/2228530#M3399 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Kindly open a TAC case to get futher assistance. </P><P></P><P>Regards,</P><P>Puja</P></BODY></HTML> Sat, 08 Jun 2013 17:56:20 GMT https://community.cisco.com/t5/web-security/ssh-issues-after-upgrading-to-async-8-0-m670/m-p/2228530#M3399 Puja Mahapatra 2013-06-08T17:56:20Z https://community.cisco.com/t5/web-security/ssh-issues-after-upgrading-to-async-8-0-m670/m-p/2228531#M3400 <HTML><HEAD></HEAD><BODY><P>Hello </P><P> We have recently found a defect tjay lead to this behavior.&nbsp; Degeft ID <A href="https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&amp;page=bstBugDetail&amp;BugID=CSCuh38818" target="_blank">CSCuh38818</A></P><P></P><P>The problem only happens if the SMA appliance has a SSHv1 key in its configuration before upgrading to the AsyncOS 8.0 for management.</P><P></P><P>Workaround:</P><P>On the Cisco Security Management Appliance (SMA) running 8.0 version:</P><P></P><P>1) Save the configuration file under GUI &gt; System Administration &gt; Configure</P><P></P><P>2) Ensure that the passwords are un-masked so that we can re-upload the configuration file</P><P></P><P>3) Open the configuration file in a text editor, search for "hostkey" and delete the host key/s which look like below</P><P><HOSTKEY><IP_ADDRESS> 2048 xx .....</IP_ADDRESS></HOSTKEY></P><P></P><P>4) Upload the new configuration on SMA and commit changes</P><P>5) Once done, the WSA appliance should be able to authenticate&nbsp; any WSA and ESA appliance.</P><P></P><P>Regards,</P><P></P><P>-Alvaro</P></BODY></HTML> Mon, 10 Jun 2013 15:28:55 GMT https://community.cisco.com/t5/web-security/ssh-issues-after-upgrading-to-async-8-0-m670/m-p/2228531#M3400 Alvaro J Gordon-Escobar 2013-06-10T15:28:55Z https://community.cisco.com/t5/web-security/ssh-issues-after-upgrading-to-async-8-0-m670/m-p/2228532#M3401 <HTML><HEAD></HEAD><BODY><P>Alvaro,</P><P></P><P>Thank you for your response, your recommendation worked like a charm.&nbsp; Following the upload of the configuration without the "<HOSTKEY><IP_ADDRESS> 2048 xx ....." entries and a reboot, connectivity was restored. <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></IP_ADDRESS></HOSTKEY></P></BODY></HTML> Thu, 13 Jun 2013 23:43:28 GMT https://community.cisco.com/t5/web-security/ssh-issues-after-upgrading-to-async-8-0-m670/m-p/2228532#M3401 HT Managed_Services 2013-06-13T23:43:28Z