01-28-2009 11:02 AM - edited 03-11-2019 07:43 AM
I am able to ping the ASA management interface, but I can't SSH into it. Below is the SSH debug output. The key has already been generated on the ASA. What could be the reasons for it to fail?
SSH2 0: SSH2_MSG_KEXINIT received
SSH2 0: SSH2_MSG_KEXINIT sent
SSH2: kex: client->server aes256-cbc hmac-sha1 none
SSH2: kex: server->client aes256-cbc hmac-sha1 none
SSH2 0: expecting SSH2_MSG_KEXDH_INIT
SSH2 0: SSH2_MSG_KEXDH_INIT received
SSH2 0: signature length 143
SSH2: kex_derive_keys complete
SSH2 0: newkeys: mode 1
SSH2 0: newkeys: rekeying
SSH2 0: SSH2_MSG_NEWKEYS sent
SSH2 0: waiting for SSH2_MSG_NEWKEYS
SSH2 0: newkeys: mode 0
SSH2 0: newkeys: rekeying
01-28-2009 06:36 PM
Have you tried removing the old key via the "crypto key zeroize rsa" command and generating a new one?
I would also make sure you have restricted SSH to the fewest source host(s) possible and require the use of SSH version 2 only.
Hope this helps.
01-29-2009 04:40 AM
Specific host was missing from the source list.
Thanks.
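Added example (not part of the thread and not Cisco code): a Python check for the two points raised above, whether a client address is covered by the ASA's `ssh <ip> <mask> <interface>` source entries, and whether the list is overly broad or `ssh version 2` is missing. The config lines, addresses, threshold, and function names are constructed for illustration, and it assumes the running config shows an explicit `ssh version 2` line.

```python
import ipaddress
import re

# Constructed sample of ASA running-config lines (not taken from the thread).
SAMPLE_CONFIG = """\
ssh 192.0.2.10 255.255.255.255 management
ssh 198.51.100.0 255.255.255.0 management
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh version 2
"""

# Matches only source-list entries: ssh <ipv4> <netmask> <interface>
SSH_SOURCE = re.compile(
    r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)


def parse_ssh_sources(config):
    """Return [(network, interface)] for each SSH source-list entry."""
    sources = []
    for line in config.splitlines():
        m = SSH_SOURCE.match(line.strip())
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            sources.append((net, m.group(3)))
    return sources


def client_allowed(config, client_ip, interface):
    """True if client_ip falls inside a source entry bound to interface."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net and ifname == interface
               for net, ifname in parse_ssh_sources(config))


def audit(config, max_hosts=256):
    """Flag a missing 'ssh version 2' and entries wider than max_hosts."""
    findings = []
    if not re.search(r"^\s*ssh version 2\s*$", config, re.M):
        findings.append("SSH version 2 is not enforced")
    for net, ifname in parse_ssh_sources(config):
        if net.num_addresses > max_hosts:
            findings.append(f"broad source {net} on {ifname}")
    return findings
```

A `False` from `client_allowed` for the administrator's own address corresponds to the cause found in this thread: the host was not in the source list for that interface.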