03-30-2018 04:12 AM - edited 02-21-2020 07:34 AM
Hello,
I an in the process of installing a FP2110 with an ASA image. The version installed is 9.9.2. I cannot connect via SSH. ASDM runs without a problem. This is the output of 'ssh debug 128':
server version string:SSH-2.0-Cisco-1.25
SSH0: receive SSH message: 83 (83)
SSH0: client version is - SSH-2.0-PuTTY_Release_0.70
client version string:SSH-2.0-PuTTY_Release_0.70
SSH2 0: send: len 288 (includes padlen 5)
SSH2 0: SSH2_MSG_KEXINIT sent
SSH2 0: ssh_receive: 1104 bytes received
SSH2 0: input: packet len 1104
SSH2 0: partial packet 8, need 1096, maclen 0
SSH2 0: input: padlen 4
SSH2 0: received packet type 20
SSH2 0: SSH2_MSG_KEXINIT received
SSH2 0: matching cipher is not supported: aes256-ctr
SSH2 0: ssh: kex_choose_conf error
SSH2 0: key exchange failed to completeSSH0: Session disconnected by SSH server - error 0x00 "Internal error"
Here's some config output:
ciscoasa# sh ssh ciphers
Available SSH Encryption and Integrity Algorithms
Encryption Algorithms:
all: 3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr
low: 3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr
medium: aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr
fips: aes128-cbc aes256-cbc
high: aes256-cbc aes256-ctr
ciscoasa# sh run aaa
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication login-history
Am I missing something ? The supported ciphers are all enabled on Mac OS and I never encountered this problem with Putty (0.70 latest version on WIndows). I have also tried OpenSSH on Windows.
With kind regards,
Marcel Tempelman
03-30-2018 04:29 AM
Hmmmm need to add a license first, then it will probably work:
L-FPR2K-ENC-K9=
I will report back.
03-30-2018 04:55 AM
Yups it was the license...... So do not forget to register the device with your Smart Account. This will get the device into evaluation mode. Then order this free SKU and have a party :-)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: