Welcome to Cisco Firewalls Community


Beginner

Firepower 2120 via ssh(management)

Hi all, I am trying to get SSH access to the Firepower 2120 via the management interface, but unsuccessfully. I don't have the strong encryption license on my device and I know that SSH can't work. But Cisco.com says that I can connect to SSH via the management port without strong encryption. When I try to connect to SSH via Putty to the management port I get the error "ssh ver 1 is unsupported". When I try to enable SSH version 2 I get the error "ssh ver 2 not supported without strong encryption license". My question is: how do I enable SSH version 2 without the strong encryption license, or how can I get access to the Firepower via SSH version 1? Thank you.

1 ACCEPTED SOLUTION

Frequent Contributor

Re: Firepower 2120 via ssh(management)

From what I read, 3DES is supported out of the box for management-only. You could try amending Putty and moving 3DES to the top of the Cipher policy.
I have only used FTD software on the 2100 series, so I am not sure about the ASA code behavior when installed on these boxes.
5 REPLIES
Frequent Contributor

Re: Firepower 2120 via ssh(management)

Have you enabled SSH v1 to be used from Putty? From the Putty main window, look down at SSH settings and amend from there. I believe Putty only tries V2 by default.

Beginner

Re: Firepower 2120 via ssh(management)

Thanks for your reply,

I found where SSH version 1 should be enabled in Putty.

I'm looking for a solution for how to enable SSH version 2 on the Firepower management interface without the strong encryption license.

Do you have this solution?

Frequent Contributor

Re: Firepower 2120 via ssh(management)

You must be running the ASA code on the FTD device? Is this correct?

Someone else may be able to advise further but see below -

Firepower 2100
Note
You cannot receive an evaluation license for Strong Encryption (3DES/AES); you must register with the License Authority to receive the export-compliance token that enables the Strong Encryption (3DES/AES) license.
Beginner

Re: Firepower 2120 via ssh(management)

Yes, I use ASA code on the Firepower. I know that I should use strong encryption for SSH version 2, but I want to use SSH version 2 on my device without the strong encryption license. Is it possible? The Cisco guide says that I can access the ASA management interface without the encryption license.