
FPR2140 ASA SSH failonfiged

renma19th
Level 1

On the ASA, I have entered these SSH commands:

crypto key generate rsa modulus 1024

aaa authentication ssh console LOCAL

ssh 172.32.254.0 255.255.255.0 management

ssh version 2
ssh key-exchange group dh-group1-sha1

Yesterday, when I configured it, I could log in over SSH. Then I ran write and powered down. Today, when I powered up the ASA, I cannot log in over SSH. I have re-entered the commands and reloaded the ASA, but it fails again. The fault information is as follows:

Key exchange failed.

No compatible key-exchange method. The server supports these methods: diffie-hellman

The diffie hellman key exchange method is off by default to address the logjam vulnerability. It can be turned on in the sessions options dialog in the Connection / SSH2 category in order to connect to servers that only support diffie-hellman
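
The client message above is what an SSH key-exchange negotiation produces when the client's and server's method lists have no entry in common. As an added example (not part of the original thread and not Cisco or client-vendor code), the sketch below parses a server SSH_MSG_KEXINIT payload and applies the first-match rule from RFC 4253. The server payload and the client's default list are constructed assumptions, not values captured from the poster's devices.

```python
import struct

# Methods many current clients disable by default; group1 is the 1024-bit
# group that the client error above ties to Logjam.
WEAK_KEX = {"diffie-hellman-group1-sha1"}
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Split an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != 20:      # 20 = SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}                              # type byte + 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += n
    return out

def diagnose(client_kex: list, server_payload: bytes) -> str:
    """Pick the first client method the server also offers (simplified RFC 4253 rule)."""
    server_kex = parse_kexinit(server_payload)["kex"]
    chosen = next((k for k in client_kex if k in server_kex), None)
    if chosen is None:
        return "no compatible key-exchange method; server offers: " + ",".join(server_kex)
    return "negotiated " + chosen + (" (weak)" if chosen in WEAK_KEX else "")

def build_kexinit(kex: list) -> bytes:
    """Build a constructed KEXINIT payload for the demo (not captured traffic)."""
    def name_list(names):
        s = ",".join(names).encode("ascii")
        return struct.pack(">I", len(s)) + s
    lists = [kex, ["ssh-rsa"], ["aes256-ctr"], ["aes256-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    # Trailing 5 zero bytes: first_kex_packet_follows (bool) + reserved uint32.
    return bytes([20]) + bytes(16) + b"".join(map(name_list, lists)) + bytes(5)

# Constructed sample values (assumptions, not taken from the thread's devices).
SERVER_GROUP1_ONLY = build_kexinit(["diffie-hellman-group1-sha1"])
CLIENT_DEFAULT = ["curve25519-sha256", "diffie-hellman-group14-sha256",
                  "diffie-hellman-group14-sha1"]

if __name__ == "__main__":
    print(diagnose(CLIENT_DEFAULT, SERVER_GROUP1_ONLY))
```

Running the same check against a server list that includes a method the client still accepts shows a successful negotiation, which is how the mismatch can be confirmed from a packet capture before changing either side.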

 

1 Accepted Solution

Accepted Solutions

I tried write erase and reloaded the ASA, and tried to re-configure using the console again

Erasing all the config is not the best practice for configuring SSH.

Can we have the running configuration (with sensitive information removed) to have a look?

Follow the guide below for SSH access:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa917/configuration/general/asa-917-general-config/admin-management.html#ID-2111-0000013a

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


6 Replies

renma19th
Level 1

I use CRT v9.1 and Xshell 7, and another PC uses CRT, but the problem is still there.

balaji.bandi
Hall of Fame

Trying to understand the issue: you configured SSH using the console, you tested it, and it was working.

After off and on, the configuration that was not working was SSH.

I need to ask here: did you try to configure it using the console again? Did you see the configuration, or was the configuration lost?

Or did the configuration remain saved and you are not able to log in to the ASA?

What ASA version code?

What client are you using to connect? (If PuTTY, get the latest version of PuTTY and test it.)

BB


Yes, when I could not SSH to the ASA, I tried write erase and reloaded the ASA, and tried to re-configure using the console again, but the problem still persists. I compared the old config and the new config; no difference found.

ASA Version 9.8(4)20

My client is CRT Version 9.1 and Xshell 7. I asked my colleague to try SSH from her PC; she is also unable to log in using SSH. But we can SSH to FXOS and use the "connect asa" command to reach the ASA.

 

ssh stack ciscossh

Try adding this command and check.

MHM


renma19th
Level 1

Well, I changed to another ASA device. The issue has disappeared.
