
Firepower 2120 via ssh(management)

TUITUI1053814
Level 1

Hi all, I am trying to get ssh access to the Firepower 2120 via the management interface, but unsuccessfully. I don't have the strong encryption license on my device and I know that ssh can't work. But Cisco.com says that I can connect to ssh via the management port without strong encryption. When I try to connect to ssh via Putty to the mgmt port I get the error "ssh ver 1 is unsupported". When I try to enable ssh version 2 I get the error "ssh ver 2 not supported without strong encryption license". My question is: how do I enable ssh ver 2 without the strong encryption license, or how can I get access to the Firepower via ssh ver 1? Thank you.


GRANT3779
Spotlight

Have you enabled SSH v1 to be used from Putty? From the Putty main window, look down at SSH settings and amend from there. I believe Putty only tries V2 by default.

Thanks for your reply,

I found where ssh version 1 should be enabled in Putty.

I'm looking for a solution for how to enable ssh version 2 on the Firepower mgmt without the strong encryption license.

Do you have this solution?

You must be running the ASA code on the FTD device? Is this correct?

Someone else may be able to advise further but see below -

Firepower 2100
Note
You cannot receive an evaluation license for Strong Encryption (3DES/AES); you must register with the License Authority to receive the export-compliance token that enables the Strong Encryption (3DES/AES) license.

Yes, I use ASA code on the Firepower. I know that I should use strong encryption for ssh ver 2, but I want to use ssh ver 2 on my device without the strong encryption license. Is it possible? The Cisco guide says that I can access the ASA management interface without the encryption license.

From what I read, 3DES is supported out of the box for management-only. You could try amending Putty and move 3DES to the top of the Cipher policy.
I have only used FTD software on the 2100 series so not sure on the ASA code behavior when installed on these boxes.