Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
29714
Views
76
Helpful
3
Replies

ASA - the first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1

Dario Francesco Vanin
Level 1
Level 1

‎04-12-2017 05:07 PM - edited ‎03-12-2019 02:12 AM

Hi guys,

When I SSH into my home test server I see the following error on Putty:

"The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1".

 As SHA1 is no longer secure, I'd like to switch to something more secure.

However, when I run 


# ssh key-exchange group ?

configure mode commands/options:
dh-group1-sha1 Diffie-Hellman group 2
dh-group14-sha1 Diffie-Hellman group 14

I see that both the options are for sha1 only.

How can I use different hashing mechanisms?

Thanks,

Dario

2 people had this problem
Labels:
0 Helpful
3 Replies 3

nurbol555
Level 1
Level 1

‎04-12-2017 11:36 PM

Hi

it seems you don't have license for other security protocols, check it

0 Helpful

Rinat Garipov
Level 1
Level 1

‎06-07-2017 05:59 AM

Hello, Dario.

I would like to suggest you to change default algorithm on server, like this:
ssh key-exchange group dh-group14-sha1

That might help

Star Sulaiman
Level 1
Level 1
In response to Rinat Garipov

‎03-23-2024 05:26 AM

Thank you Rinat for sharing this.

Regards

SS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card