https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041566#M9062 <LI-CODE lang="markup">i try write erase and reload the ASA. and try go re-configure using Console again</LI-CODE> <P>This is not the best practice to configure SSH to erase all the config.</P> <P>can we have running configuration (removing sensitive information to have look)</P> <P>follow below guide - for SSH access :</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa917/configuration/general/asa-917-general-config/admin-management.html#ID-2111-0000013a" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa917/configuration/general/asa-917-general-config/admin-management.html#ID-2111-0000013a</A></P> <P>&nbsp;</P> Sun, 17 Mar 2024 07:54:13 GMT balaji.bandi 2024-03-17T07:54:13Z https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041420#M9057 <P>in ASA，i have enter SSH command ：</P><P>crypto key generate rsa modulus 1024</P><P>aaa authentication ssh console LOCAL</P><P>ssh 172.32.254.0 255.255.255.0 management</P><P>ssh version 2<BR />ssh key-exchange group dh-group1-sha1</P><P>Yesterday when i configed，i can logined from SSH。and write，power down。and today，when i power up the ASA, I can not login SSH。i have re-config the command and reload ASA. but fail again.The fault information as follows:</P><P>key exchange faild</P><P>No compatible key-exchange method . The server supports these methods : diffie-hellman</P><P>The diffie hellman key exchange method is off by default to address the logjam vulnerability . It can be turned on in the sessions options dialog in the&nbsp; Connection / SSH2 category in order to connect to servers that only supportle -diffie-hellman</P><P>&nbsp;</P> Sat, 16 Mar 2024 16:35:54 GMT https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041420#M9057 renma19th 2024-03-16T16:35:54Z https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041423#M9058 <P>I use CRT v9.1 and Xshell 7,and other PC use CRT ,but problem is still.</P> Sat, 16 Mar 2024 16:48:59 GMT https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041423#M9058 renma19th 2024-03-16T16:48:59Z https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041428#M9059 <P>Try to understand the issue you have configured SSH config using Console and you tested and working.</P> <P>After Off and n - the configuration not working was SSH</P> <P>i need to ask here, you try go configure here using Console again ? did you see the configuration or the configuration lost ?</P> <P>or the configuration remain save and you not able to login to ASA ?.</P> <P>what ASA&nbsp; version code ?</P> <P>what client you using to connect ? (if putty , get latest version of putty and test it ?)</P> Sat, 16 Mar 2024 17:01:34 GMT https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041428#M9059 balaji.bandi 2024-03-16T17:01:34Z https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041479#M9060 <P>yes, when i can not SSH to ASA, i try write erase and reload the ASA. and try go re-configure using Console again. but&nbsp;the problem still persists .&nbsp;I compared the old-config and new-config,no difference found.</P><P>ASA&nbsp;Version 9.8(4)20</P><P>MY client is CRT Version9.1&nbsp; and&nbsp;<SPAN>Xshell 7。I request my colleagues try SSH use her PC, she also&nbsp;unable to login use SSH. But we can SSH to fxos and use "connect asa" command to ASA</SPAN></P><P>&nbsp;</P> Sat, 16 Mar 2024 20:29:29 GMT https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041479#M9060 renma19th 2024-03-16T20:29:29Z https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041481#M9061 <PRE id="wp8411317820__codeblock_vkh_hd1_jzb" class="pre codeblock"><CODE><KBD class="userinput"><STRONG class="ph userinput">ssh stack ciscossh</STRONG></KBD></CODE></PRE> <P>Try add this command and check</P> <P>MHM</P> Sat, 16 Mar 2024 20:34:39 GMT https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041481#M9061 MHM Cisco World 2024-03-16T20:34:39Z https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041566#M9062 <LI-CODE lang="markup">i try write erase and reload the ASA. and try go re-configure using Console again</LI-CODE> <P>This is not the best practice to configure SSH to erase all the config.</P> <P>can we have running configuration (removing sensitive information to have look)</P> <P>follow below guide - for SSH access :</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa917/configuration/general/asa-917-general-config/admin-management.html#ID-2111-0000013a" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa917/configuration/general/asa-917-general-config/admin-management.html#ID-2111-0000013a</A></P> <P>&nbsp;</P> Sun, 17 Mar 2024 07:54:13 GMT https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5041566#M9062 balaji.bandi 2024-03-17T07:54:13Z https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5044694#M9063 <P>well, i change another ASA device.&nbsp; the issus is&nbsp;has disappeared</P> Wed, 20 Mar 2024 01:19:30 GMT https://community.cisco.com/t5/%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA%E5%8C%BA/fpr2140-asa-ssh-failonfiged/m-p/5044694#M9063 renma19th 2024-03-20T01:19:30Z