On the ASA, I entered these SSH commands:
crypto key generate rsa modulus 1024
aaa authentication ssh console LOCAL
ssh 172.32.254.0 255.255.255.0 management
ssh version 2
ssh key-exchange group dh-group1-sha1
Yesterday, when I configured it, I could log in via SSH, and I did a write and powered down. Today, when I powered up the ASA, I could not log in via SSH. I re-configured the commands and reloaded the ASA, but it failed again. The fault information is as follows:
Key exchange failed.
No compatible key-exchange method. The server supports these methods: diffie-hellman
The diffie hellman key exchange method is off by default to address the logjam vulnerability. It can be turned on in the sessions options dialog in the Connection / SSH2 category in order to connect to servers that only support diffie-hellman
I tried write erase and reloaded the ASA, and tried to re-configure using the console again
Erasing all the config is not the best practice for configuring SSH.
Can we have the running configuration (with sensitive information removed) to have a look?
Follow the guide below for SSH access:
Trying to understand the issue: you configured SSH using the console, and you tested it and it was working.
After off and on, the configuration that was not working was SSH.
I need to ask here: did you try to configure using the console again? Did you see the configuration, or was the configuration lost?
Or did the configuration remain saved and you are not able to log in to the ASA?
What ASA version code?
What client are you using to connect? (If PuTTY, get the latest version of PuTTY and test it.)
Yes, when I could not SSH to the ASA, I tried write erase and reloaded the ASA, and tried to re-configure using the console again, but the problem still persists. I compared the old config and the new config; no difference was found.
ASA Version 9.8(4)20
My client is CRT version 9.1 and Xshell 7. I asked my colleague to try SSH from her PC; she is also unable to log in using SSH. But we can SSH to FXOS and use the "connect asa" command to reach the ASA.
ssh stack ciscossh
Try adding this command and check.
MHM
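The client error quoted in the first post is an SSH key-exchange negotiation failure, which can be reproduced offline from the commands listed there. The following is an added example, not code from any poster in this thread; the client offer list is constructed, and the 2048-bit RSA threshold and the assumption that the ASA offers only the single configured group are labelled in the comments.

```python
import re

# ASA "ssh key-exchange group" keyword -> SSH KEX algorithm name
ASA_KEX = {
    "dh-group1-sha1": "diffie-hellman-group1-sha1",
    "dh-group14-sha1": "diffie-hellman-group14-sha1",
}
# 1024-bit DH group that clients disable because of Logjam
WEAK_KEX = {"diffie-hellman-group1-sha1"}

# Constructed client offer (assumption): a current client with group1 turned off
CLIENT_KEX = ["curve25519-sha256", "ecdh-sha2-nistp256",
              "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"]

def negotiate(client_kex, server_kex):
    """Simplified RFC 4253 rule: first client algorithm the server also lists."""
    return next((k for k in client_kex if k in server_kex), None)

def audit(commands, client_kex=CLIENT_KEX):
    """Return findings for the SSH-related commands in an ASA command list."""
    findings = []
    kex = re.search(r"^\s*ssh key-exchange group (\S+)", commands, re.M)
    if kex:
        name = ASA_KEX.get(kex.group(1), kex.group(1))
        if name in WEAK_KEX:
            findings.append(f"weak-kex: {name}")
        # Assumption: the ASA offers only the one configured group
        if negotiate(client_kex, [name]) is None:
            findings.append(f"no-common-kex: server offers only {name}")
    rsa = re.search(r"^\s*crypto key generate rsa .*modulus (\d+)", commands, re.M)
    if rsa and int(rsa.group(1)) < 2048:  # threshold is an assumption
        findings.append(f"short-rsa-key: {rsa.group(1)} bits")
    return findings

# The commands as listed in the first post of this thread
PAGE_COMMANDS = """\
crypto key generate rsa modulus 1024
aaa authentication ssh console LOCAL
ssh 172.32.254.0 255.255.255.0 management
ssh version 2
ssh key-exchange group dh-group1-sha1
"""

if __name__ == "__main__":
    for finding in audit(PAGE_COMMANDS):
        print(finding)
```

With `dh-group14-sha1` and a 2048-bit modulus in place of the posted values, the same audit returns no findings against this client list.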