https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779592#M1098055 <P>What are the versions of Xshell you tried? I've used version 6 and 7 both and they work fine with newer ASA code. Older versions of terminal emulator programs (Xshell, SecureCRT, Putty etc.) may not support newer ciphers.</P> <P>The newer ASA code deprecated some older ciphers. Your attempt to change ssl ciphers has nothing to do with ssh ciphers.</P> <P>Please share the output of "show run ssh".</P> Tue, 21 Feb 2023 12:35:28 GMT Marvin Rhoads 2023-02-21T12:35:28Z https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4778901#M1098043 <P>we upgrade firepower 2130 from 9.10.1 to 9.16</P> <P>.4.14</P> <P>after ugrade we can't login firepower asa by using ssh xshell ，can login fxos</P> <P>from debug got&nbsp;</P> <P>ssh 2 matching cypher is not support</P> <P>actually from asa ssh cypher is support i change cypher on client but no use</P> <P>i tried reconfig asa regenerrate rsa key clear xshell key cache but no use</P> <P>give me some clue？</P> Tue, 21 Feb 2023 02:48:28 GMT https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4778901#M1098043 fly 2023-02-21T02:48:28Z https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4778913#M1098044 <P>Have you tried with different client like Putty or secure CRT latest one ?</P> <P>post below output from ASA :</P> <P>#show ip ssh</P> <P># show ssh ciphers</P> <P>also try below config see if that fix the issue ?</P> <P>ssl cipher tlsv1.2 all</P> Tue, 21 Feb 2023 03:57:45 GMT https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4778913#M1098044 balaji.bandi 2023-02-21T03:57:45Z https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779085#M1098049 <P>Thank you</P> <P>i check show ssh cipher found asa support cipher which debug said no support&nbsp;</P> <P>I tried different ssh client putty crt xshell</P> <P>and clear key cache on xshell</P> <P>we will try latest ssh client and tlsv1.2 command</P> Tue, 21 Feb 2023 06:48:59 GMT https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779085#M1098049 fly 2023-02-21T06:48:59Z https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779239#M1098050 <P>we tried&nbsp;</P> <PRE class="prettyprint">ssh cipher encryption all</PRE> <PRE class="prettyprint">ssh cipher intergrad all<BR /><BR />but no use<BR />from debug same error<BR />ssh2 0 matching ciper is not support:aes256-cbc</PRE> <PRE class="prettyprint">I tried many cipher but same error</PRE> Tue, 21 Feb 2023 07:53:02 GMT https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779239#M1098050 fly 2023-02-21T07:53:02Z https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779248#M1098051 <P>this is weird,</P> <P>from firepower debug : asa&nbsp; and ssh client found match cipher ,&nbsp; bug why asa can't support, from show ssh , I can see asa enable match cipher , we upgrade from 9.10.1 to 9.16.4.14 ,&nbsp; &nbsp;it is weired , I can't find any usefule infortion</P> <P>&nbsp;I change cipher on asa , regenarate rsa key , clear key cache on client xshell, change client computer , and change xshell to crt , but no use , asa report same error from debug.</P> Tue, 21 Feb 2023 08:19:48 GMT https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779248#M1098051 fly 2023-02-21T08:19:48Z https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779475#M1098052 <P>I tried this command but got error</P> <P class="p1"><SPAN class="s1">ssl cipher tlsv1.2 all</SPAN></P> <P class="p1"><SPAN class="s1">error</SPAN><SPAN class="s2">：</SPAN><SPAN class="s1">invalid version/level combination </SPAN><SPAN class="s2">：</SPAN><SPAN class="s1">no compatible cipher found </SPAN></P> <P class="p1"><SPAN class="s1">error</SPAN><SPAN class="s2">：</SPAN><SPAN class="s1">unable to update ciphers</SPAN></P> Tue, 21 Feb 2023 10:46:33 GMT https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779475#M1098052 fly 2023-02-21T10:46:33Z https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779592#M1098055 <P>What are the versions of Xshell you tried? I've used version 6 and 7 both and they work fine with newer ASA code. Older versions of terminal emulator programs (Xshell, SecureCRT, Putty etc.) may not support newer ciphers.</P> <P>The newer ASA code deprecated some older ciphers. Your attempt to change ssl ciphers has nothing to do with ssh ciphers.</P> <P>Please share the output of "show run ssh".</P> Tue, 21 Feb 2023 12:35:28 GMT https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779592#M1098055 Marvin Rhoads 2023-02-21T12:35:28Z https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779648#M1098060 <P>Have you tried with different client like Putty or secure CRT latest one ?</P> <P>post below output from ASA :</P> <P>#show ip ssh</P> <P># show ssh ciphers</P> Tue, 21 Feb 2023 14:18:31 GMT https://community.cisco.com/t5/network-security/firepower-ssh-matching-cypher-is-not-support/m-p/4779648#M1098060 balaji.bandi 2023-02-21T14:18:31Z