01-28-2009 11:02 AM - edited 03-11-2019 07:43 AM
I am able to ping the ASA management interface, but I can't ssh into it. Below is the ssh debug output. The key has already been generated on the ASA. What could be the reasons for it to fail?
SSH2 0: SSH2_MSG_KEXINIT received
SSH2 0: SSH2_MSG_KEXINIT sent
SSH2: kex: client->server aes256-cbc hmac-sha1 none
SSH2: kex: server->client aes256-cbc hmac-sha1 none
SSH2 0: expecting SSH2_MSG_KEXDH_INIT
SSH2 0: SSH2_MSG_KEXDH_INIT received
SSH2 0: signature length 143
SSH2: kex_derive_keys complete
SSH2 0: newkeys: mode 1
SSH2 0: newkeys: rekeying
SSH2 0: SSH2_MSG_NEWKEYS sent
SSH2 0: waiting for SSH2_MSG_NEWKEYS
SSH2 0: newkeys: mode 0
SSH2 0: newkeys: rekeying
01-28-2009 06:36 PM
Have you tried removing the old key via the "crypto key zeroize rsa" command and generating a new one?
I would also make sure you have restricted SSH to the fewest source host(s) possible and require the use of SSH version 2 only.
Hope this helps.
01-29-2009 04:40 AM
Specific host was missing from the source list.
Thanks.
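An added example, not part of the original thread: the ASA settings the replies above refer to, with the RSA key regenerated, SSH limited to a single admin host and version 2 required. The interface name `management`, the address 192.0.2.10 and the 2048-bit modulus are assumptions.

```cisco
! Constructed example: interface name, host address and key size are assumptions.
! Replace the existing RSA key pair.
crypto key zeroize rsa
crypto key generate rsa modulus 2048
!
! Permit SSH only from the named admin host on the management interface.
! A client that no "ssh" line matches is not allowed to connect.
ssh 192.0.2.10 255.255.255.255 management
ssh version 2
!
! Verify: list the permitted sources and the key in use.
show running-config ssh
show crypto key mypubkey rsa
```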