Login from Linux to Cisco ASA – SSH problem

Trying to connect from my Linux terminal to a Cisco ASA over SSH using

ssh palo@192.168.10.1
Unable to negotiate with 192.168.10.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

returns a Diffie-Hellman key exchange mismatch error.

The working solution is to add an ssh option with "-o" that specifies the key exchange methods used to generate per-connection keys:

-oKexAlgorithms=+diffie-hellman-group1-sha1

So the working solution is:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 palo@192.168.10.1

The authenticity of host '192.168.10.1 (192.168.10.1)' can't be established.
RSA key fingerprint is SHA256:f7fovvYPEEb5Hggrw1/0C0SQHdFncWWmQCvtepBQAgc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.1' (RSA) to the list of known hosts.
palo@192.168.10.1's password:
******
Type help or '?' for a list of available commands.
kis-asa-5515X>
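
The same override can be kept in ~/.ssh/config, scoped to this one host, so the legacy algorithm is not enabled for any other server. The script below is an added example, not part of the original post: the function name legacy_stanza is hypothetical, and it goes beyond the key exchange case above by also mapping the OpenSSH client's host key, cipher and MAC negotiation errors to their ssh_config options.

```shell
#!/bin/sh
# Added example: turn an OpenSSH "Unable to negotiate" error line into a
# host-scoped ssh_config stanza instead of a per-command -o override.

# legacy_stanza ERROR_LINE
# Prints a Host block for the peer named in the error. Returns 1 if the
# line is not a negotiation failure this function recognises.
legacy_stanza() {
    line=$1
    case $line in
        "Unable to negotiate with "*"Their offer: "*) ;;
        *) return 1 ;;
    esac

    # The peer address is the 5th word of the client's message.
    host=$(printf '%s\n' "$line" | awk '{print $5}')
    # Everything after "Their offer: " is the server's algorithm list.
    offer=${line##*"Their offer: "}

    # Map the failed negotiation stage to the matching ssh_config option.
    case $line in
        *"no matching key exchange method found"*) opt=KexAlgorithms ;;
        *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
        *"no matching cipher found"*)              opt=Ciphers ;;
        *"no matching MAC found"*)                 opt=MACs ;;
        *) return 1 ;;
    esac

    # "+" appends the offer to the client defaults; the Host line limits
    # the change to this peer. Trim the list if the server offers several.
    printf 'Host %s\n    %s +%s\n' "$host" "$opt" "$offer"
}

# Sample input: the error line shown in the post.
legacy_stanza "Unable to negotiate with 192.168.10.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1"
```

Appending the printed stanza to ~/.ssh/config lets a plain "ssh palo@192.168.10.1" connect, while every other host keeps the client's default algorithm set.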