Modern versions of OpenSSH typically exclude insecure algorithms by default. This can cause problems with older devices that still use obsolete ones, in my case an older-generation ASA:
ssh [email protected]
Unable to negotiate with 10.0.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
The long-term solution, if possible, is to upgrade the device's firmware.
To access the system in the meantime, we can instruct the OpenSSH client to also accept the weak key exchange algorithm the device offers:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected]
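The same workaround scoped to a single device, as an added example that is not from the original post: a shell function (legacy_stanza is a hypothetical name) that turns the error line into a per-host ssh_config stanza, so the weak algorithm is never enabled for other hosts. It goes beyond the key exchange case above and also handles the host key, cipher and MAC negotiation errors that OpenSSH reports in the same format.

```shell
#!/bin/sh
# Added example (legacy_stanza is a hypothetical helper name).
# Turns an OpenSSH "Unable to negotiate" error into a per-host ssh_config
# stanza, so the legacy algorithm is enabled for that one device only and
# the client defaults stay strict for every other host.

# legacy_stanza "<error line printed by ssh>"
# Prints a Host block on stdout; returns 1 if the line is not a
# negotiation failure this function recognises.
legacy_stanza() {
    line=$1

    # Map the failure reason to the ssh_config option that controls it.
    case $line in
        *"no matching key exchange method found"*) opt=KexAlgorithms ;;
        *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
        *"no matching cipher found"*)              opt=Ciphers ;;
        *"no matching MAC found"*)                 opt=MACs ;;
        *) return 1 ;;
    esac

    # The host is the word after "Unable to negotiate with".
    host=${line#*"Unable to negotiate with "}
    host=${host%% *}

    # The server's offer is everything after "Their offer: ".
    offer=${line##*"Their offer: "}

    # Accept only a plain host and a comma-separated algorithm list, so
    # unexpected input can never end up in the config file.
    case $host in
        ""|*[!A-Za-z0-9.:_-]*) return 1 ;;
    esac
    case $offer in
        ""|*[!A-Za-z0-9@.,_-]*) return 1 ;;
    esac

    # "+" appends to the client's default list instead of replacing it.
    printf 'Host %s\n    %s +%s\n' "$host" "$opt" "$offer"
}

# Constructed sample input: the error line shown above.
legacy_stanza 'Unable to negotiate with 10.0.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1'
```

Append the printed stanza to ~/.ssh/config and delete it again once the device firmware has been upgraded.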