
SSHv2 Key Exchange Method on CSPC

Hello,

Does anyone know the SSH Key Exchanges CSPC supports and if there is a way to select more options? Trying to SSH to a Cisco Firepower from the collector and I believe it is failing because of the key exchanges. I know my credentials work because I logged into the Firepower from SecureCRT, but I had to check an additional key exchange to get it to work. These are the key exchange methods that the Firewall admin has enabled:

curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512

Thank you,

Mike


agkher
Cisco Employee

Hi Mike,

My name is Agrim Kher and I will be handling your request.

Please provide the screenshot of the error you are facing while trying to connect to the Cisco Firepower device.

Thanks,

Agrim

Hello Agrim,

I am unsure where to get you the screenshot. I can't seem to find any detailed log showing the SSH attempt, just that it failed.

Thanks,

Mike

Agrim,

Is there a way to see on the server what key exchange methods are in use? The Firepower uses stronger methods and I think it is possible the CSPC either doesn't support them or they need to be enabled.

Thank you

Hi Micheal,

Please let me know if you are trying to SSH to a device from the collector.
If yes, please let me know the command you are using.

Thanks,

Agrim

Hi Agrim,

No, I am not trying to SSH from the collector. It is part of the data collection process. However, after looking into this further, I believe the issue is with Cisco firewalls in general, as all of the firewalls I have in the collector fail CLI. Thank you for your responses, I no longer need assistance with this.

Thank you
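
The key exchange mismatch suspected in this thread can be checked offline from the two SSH_MSG_KEXINIT payloads, using the RFC 4253 section 7.1 rule. This is an added example, not part of the original thread and not Cisco code. `FIREWALL_KEX` is the list from the first post; `LEGACY_CLIENT_KEX` is a constructed stand-in, because the thread never states what CSPC offers.

```python
import struct

SSH_MSG_KEXINIT = 20

# Key exchange methods the firewall admin enabled (from the first post).
FIREWALL_KEX = ("curve25519-sha256@libssh.org,ecdh-sha2-nistp521,"
                "ecdh-sha2-nistp384,ecdh-sha2-nistp256,"
                "diffie-hellman-group14-sha256,"
                "diffie-hellman-group16-sha512").split(",")

# ASSUMPTION: constructed SHA-1-only client offer, not CSPC's actual list.
LEGACY_CLIENT_KEX = ["diffie-hellman-group-exchange-sha1",
                     "diffie-hellman-group14-sha1",
                     "diffie-hellman-group1-sha1"]

def build_kexinit(kex, other=("none",)):
    """Build a sample KEXINIT payload (packet framing and padding omitted)."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # message type + cookie
    payload += name_list(kex)                        # kex_algorithms
    payload += name_list(other) * 9                  # the nine remaining name-lists
    return payload + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kex_algorithms(payload):
    """Return kex_algorithms, the first name-list after the 16-byte cookie."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []

def negotiate(client_kex, server_kex):
    """RFC 4253 7.1: first method on the client's list the server also supports."""
    return next((name for name in client_kex if name in server_kex), None)

if __name__ == "__main__":
    server = parse_kex_algorithms(build_kexinit(FIREWALL_KEX))
    client = parse_kex_algorithms(build_kexinit(LEGACY_CLIENT_KEX))
    chosen = negotiate(client, server)
    print("negotiated:", chosen or "none, the connection fails before authentication")
    print("server methods the client lacks:", [k for k in server if k not in client])
```

KEXINIT is sent before encryption starts, so both lists are readable in a packet capture of a failed collection attempt even when the collector logs nothing more than a failure.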