Unable to ssh ASA Management Interface

Answered Question
Jan 28th, 2009

I am able to ping the ASA management interface, but I can't ssh into it. Below is the ssh debug output. The key has already been generated on the ASA. What could be the reasons for it to fail?

SSH2 0: SSH2_MSG_KEXINIT received

SSH2 0: SSH2_MSG_KEXINIT sent

SSH2: kex: client->server aes256-cbc hmac-sha1 none

SSH2: kex: server->client aes256-cbc hmac-sha1 none

SSH2 0: expecting SSH2_MSG_KEXDH_INIT

SSH2 0: SSH2_MSG_KEXDH_INIT received

SSH2 0: signature length 143

SSH2: kex_derive_keys complete

SSH2 0: newkeys: mode 1

SSH2 0: newkeys: rekeying

SSH2 0: SSH2_MSG_NEWKEYS sent

SSH2 0: waiting for SSH2_MSG_NEWKEYS

SSH2 0: newkeys: mode 0

SSH2 0: newkeys: rekeying

Correct Answer
eddie.mitchell@... Wed, 01/28/2009 - 18:36

Have you tried removing the old key via the "crypto key zeroize rsa" command and generating a new one?

I would also make sure you have restricted SSH to the fewest source host(s) possible and require the use of SSH version 2 only.

Hope this helps.
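
A check for the two hardening points in the answer above, as an added example that is not part of the original thread: it scans ASA `ssh` configuration lines for broad source ranges and a missing `ssh version 2`. The sample configuration, the `audit_ssh` name and the 256-address threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of ASA SSH configuration lines (not taken from the thread).
SAMPLE_CONFIG = """\
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.10.0.0 255.255.0.0 management
ssh 192.168.50.10 255.255.255.255 management
ssh timeout 5
"""

# Hypothetical threshold: source ranges larger than this are reported as broad.
MAX_SOURCE_ADDRESSES = 256


def audit_ssh(config, max_addresses=MAX_SOURCE_ADDRESSES):
    """Return findings for IPv4 'ssh <ip> <mask> <interface>' lines and SSH version."""
    findings = []
    version2_only = False
    for raw in config.splitlines():
        parts = raw.split()
        if not parts or parts[0] != "ssh":
            continue
        if parts[1:] == ["version", "2"]:
            version2_only = True
            continue
        if len(parts) != 4:
            continue  # other ssh settings such as 'ssh timeout 5'
        try:
            # ASA writes the source as address plus dotted netmask.
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        except ValueError:
            continue  # not an IPv4 address/mask pair
        if net.num_addresses > max_addresses:
            findings.append(f"broad SSH source {net} on interface {parts[3]}")
    if not version2_only:
        findings.append("'ssh version 2' not set")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```
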
