
Error trying to connect via SSH to an FTD reimaged to ASA

Alemend88
Beginner

Hi guys, could someone give me a hand with the following error that I'm getting from the device? This is an FTD 2130, but it was reimaged to ASA 9.8(4)25. Below is the current config:

crypto key generate rsa modulus 2048
username **** password ***** priv 15
aaa authentication ssh console LOCAL
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1

 

ssh -l user x.x.x.x 
[Connection to x.x.x.x aborted: error status 0]

 

 

I'm able to ping the device and access it via telnet (which I will disable); however, SSH is not working. Please let me know if I'm missing something.

Accepted Solutions

You can get a license from the licensing portal, without having to go via TAC.
Go to your Smart Account, then Get Licenses, then IPS, Crypto or Other
Select Security Products, then Cisco ASA 3DES/AES License


4 Replies

balaji.bandi
VIP Community Legend

Was this working before the upgrade? If it was working, regenerate the crypto RSA key and try again.

If it never worked, then post your configuration so we can look.

BB


Mohammed al Baqari
VIP Advisor
Hi,

Try removing the command 'ssh key-exchange group dh-group14-sha1'. Your SSH
client might not support DH group 14. Just use the default DH group,
regenerate the key and see if it works.


Alemend88
Beginner

Hi guys, thank you very much for your answers. I ran a debug ssh and found out that the AES or 3DES encryption algorithms are not available, so I have a problem with the license. Right now I have a ticket with TAC since they still have my license as a smart one.

 

sho ver | i AES
Encryption-3DES-AES : Disabled

 

Thanks a lot for the help 
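
A pre-change check for the failure diagnosed in this thread, added here as an example and not code from any poster or from Cisco: it reads `show version` and running-config text and reports the disabled 3DES/AES license, the pinned key-exchange group and leftover telnet access. The sample input is constructed from the lines quoted above; the telnet line and the function names are assumptions.

```python
import re

# Constructed sample input built from the lines quoted in this thread;
# the telnet line is an assumption (the poster only says telnet is enabled).
SHOW_VERSION = "Encryption-3DES-AES               : Disabled\n"
RUNNING_CONFIG = """\
aaa authentication ssh console LOCAL
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
telnet 0.0.0.0 0.0.0.0 management
"""

# Matches management access rules: '<ssh|telnet> <net> <mask> <interface>'
ACCESS = re.compile(r"^(ssh|telnet) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

def license_state(show_version, feature="Encryption-3DES-AES"):
    """Return the state word of a 'Feature : State' line, or None if absent."""
    m = re.search(rf"^\s*{re.escape(feature)}\s*:\s*(\w+)", show_version, re.M)
    return m.group(1) if m else None

def ssh_findings(show_version, running_config):
    """Return (severity, message) tuples: why SSH may fail or is over-exposed."""
    cfg = [line.strip() for line in running_config.splitlines() if line.strip()]
    rules = [m.groups() for m in map(ACCESS.match, cfg) if m]
    out = []
    state = license_state(show_version)
    if state != "Enabled":
        out.append(("blocker", f"Encryption-3DES-AES is {state or 'not reported'}: "
                               "no AES/3DES ciphers available for SSH"))
    if not any(r[0] == "ssh" for r in rules):
        out.append(("blocker", "no 'ssh <net> <mask> <interface>' access rule"))
    if not any(l.startswith("aaa authentication ssh console") for l in cfg):
        out.append(("warning", "no 'aaa authentication ssh console' method configured"))
    for l in cfg:
        if l.startswith("ssh key-exchange group "):
            out.append(("info", f"key exchange pinned to {l.split()[-1]}: client must offer it"))
    for proto, net, mask, ifc in rules:
        if proto == "telnet":
            out.append(("warning", f"cleartext telnet still allowed on {ifc}"))
        if (net, mask) == ("0.0.0.0", "0.0.0.0"):
            out.append(("warning", f"{proto} on {ifc} accepts any source address"))
    return out

if __name__ == "__main__":
    for severity, message in ssh_findings(SHOW_VERSION, RUNNING_CONFIG):
        print(f"{severity:8} {message}")
```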
