Problem with SSH access on ASA

Hello All,

I have a problem with my ssh access.

I have two interfaces:

172.17.5.250 = Outside, security Level 0

10.11.3.2 = Inside, security Level 1

I can access by ssh using Outside

I can not access by ssh using Inside. I receive this message in my prompt:

ssh user@10.11.3.2

Selected cipher type <unknown> not supported by server.

I tried with ssh -1 and ssh -2. It does not work.

I have ssh allowed for this source network. SSH version 1&2.

I tried:

ASA(config)#crypto key zeroize rsa

Issue this command in order to generate the new key:

ASA(config)# crypto key generate rsa modulus 1024

But no success

Cisco 8.2(12)2

Thanks


Hi Jullio...

Follow..

FW(config)# crypto key zeroize rsa
WARNING: All RSA keys will be removed.
WARNING: All device digital certificates issued using these keys will also be removed.

Do you really want to remove these keys? [yes/no]: yes

and now? generate new?

I generated... but, no way

Hello Diego,

Do you still get the same log from the client?

What logs are being shown by the ASA?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

So..

FWINTERNO# debug ssh
debug ssh  enabled at level 1


FW# Device ssh opened successfully.
SSH1: SSH client: IP = '172.19.4.121'  interface # = 2
SSH: host key initialised
SSH1: starting SSH control process
SSH1: Exchanging versions - SSH-1.5-Cisco-1.25

SSH1: send SSH message: outdata is NULL

server version string:SSH-1.5-Cisco-1.25SSH1: receive SSH message: 83 (83)
SSH1: client version is - SSH-1.5-OpenSSH_4.3

client version string:SSH-1.5-OpenSSH_4.3SSH1: begin server key generation
SSH1: complete server key generation, elapsed time = 910 ms
SSH1: declare what cipher(s) we support:
00  0x00  0x00  0x04  0xSSH1: send SSH message: SSH_SMSG_PUBLIC_KEY (2)
SSH1: SSH_SMSG_PUBLIC_KEY message sent
SSH1: receive SSH message: [no message ID: variable *data is NULL]
SSH1: Session disconnected by SSH server - error 0x00 "Internal error"
SSH0: receive SSH message: SSH_CMSG_WINDOW_SIZE (11)

And now?

Any idea???
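
Added example, not part of any post in this thread: a short Python sketch that reads the two fields of the SSH-1 exchange visible in the debug output above, the version banner and the server's supported-cipher mask, and checks them against a client's cipher list. The cipher numbering follows the SSH 1.5 protocol; the mask value 0x00000004 is an assumed reading of the garbled bytes on the "declare what cipher(s) we support" line, and the client cipher list is constructed for illustration.

```python
import re

# SSH protocol 1.5 cipher numbers: bit N of the server mask means cipher N.
SSH1_CIPHERS = {0: "none", 1: "idea", 2: "des", 3: "3des",
                4: "tss", 5: "rc4", 6: "blowfish"}

BANNER_RE = re.compile(r"SSH-(\d+)\.(\d+)-(\S+)")


def banner_protocols(banner):
    """Return the set of SSH protocol major versions a banner advertises."""
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        return {1, 2}          # 1.99 = protocol 2 with protocol 1 fallback
    return {major}


def decode_cipher_mask(mask):
    """Names of the SSH-1 ciphers whose bit is set in the 32-bit mask."""
    return [name for bit, name in sorted(SSH1_CIPHERS.items())
            if mask & (1 << bit)]


def common_ciphers(server_mask, client_ciphers):
    """Client ciphers (in client order) that the server mask also offers."""
    offered = set(decode_cipher_mask(server_mask))
    return [c for c in client_ciphers if c in offered]


if __name__ == "__main__":
    server_banner = "SSH-1.5-Cisco-1.25"    # from the debug output
    server_mask = 0x00000004                # assumed reading of the debug line
    client_ciphers = ["3des", "blowfish"]   # constructed client list

    print("server protocols:", sorted(banner_protocols(server_banner)))
    print("server ciphers:  ", decode_cipher_mask(server_mask))
    shared = common_ciphers(server_mask, client_ciphers)
    print("shared ciphers:  ", shared or "none, negotiation cannot succeed")
```
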

Hello Diego,

Hmm provide the following:

Show version

Show run ssl

sh crypto key mypubkey rsa

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC