cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


14282
Views
60
Helpful
2
Replies

ASA - the first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1

Hi guys,

When I SSH into my home test server I see the following error on Putty:

"The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1".

 As SHA1 is no longer secure, I'd like to switch to something more secure.

However, when I run 


# ssh key-exchange group ?

configure mode commands/options:
dh-group1-sha1 Diffie-Hellman group 2
dh-group14-sha1 Diffie-Hellman group 14

I see that both the options are for sha1 only.

How can I use different hashing mechanisms?

Thanks,

Dario

2 REPLIES 2
Beginner

Hi

Hi

it seems you don't have license for other security protocols, check it

Highlighted
Beginner

Hello, Dario.

Hello, Dario.

I would like to suggest you to change default algorithm on server, like this:
ssh key-exchange group dh-group14-sha1

That might help