SSH Error “no matching key exchange method found. Their offer: diffie-hellman-group1-sha1” when connecting to Cisco ASA from Linux
Note – if you are getting this error, you really should update the IOS or your equipment. But there are situations where that can't be done, so add the following lines to either the /etc/ssh/ssh_config file or the ~/.ssh/config file:
Host x.x.x.x
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,aes128-cbc,aes128-ctr,aes256-ctr
Replace x.x.x.x with the IP address or the FQDN of the host you are connecting to.
Note – if you don't include the line “Ciphers +aes128-cbc” you will get the error message:
no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
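An added example (not from the original post): a shell/awk check that lists where an ssh_config file enables diffie-hellman-group1-sha1 or a CBC cipher, and whether the setting is limited to a named host, as in the block above, or applies broadly. The function names, the sample config and the 192.0.2.10 address are constructed for this example, and only Host blocks are tracked (Match blocks are not interpreted).

```shell
#!/bin/sh
# Added example, not from the original post. Lists every place an ssh_config
# enables diffie-hellman-group1-sha1 or a CBC cipher, and marks whether the
# setting is limited to named hosts ("scoped") or applies widely ("broad").
# Only Host blocks are tracked; Match blocks are not interpreted.

audit_ssh_config() {
    # Reads ssh_config text from the files given as arguments, or from stdin.
    awk '
    BEGIN { scope = "(global)" }
    /^[ \t]*#/ { next }                       # comment line
    { gsub(/=/, " ") }                        # accept "Keyword=value" as well
    NF < 2 { next }
    { key = tolower($1) }                     # keywords are case-insensitive
    key == "host" {                           # a new Host block starts here
        scope = $2
        for (i = 3; i <= NF; i++) scope = scope " " $i
        next
    }
    key == "kexalgorithms" || key == "ciphers" {
        list = $2
        if (list ~ /^-/) next                 # a leading "-" removes algorithms
        sub(/^[+^]/, "", list)                # leading "+" or "^" adds to the defaults
        reach = (scope == "(global)" || scope ~ /[*?]/) ? "broad" : "scoped"
        n = split(list, alg, ",")
        for (i = 1; i <= n; i++)
            if (alg[i] == "diffie-hellman-group1-sha1" || alg[i] ~ /-cbc$/)
                printf "%s\t%s\t%s\t%s\n", scope, $1, alg[i], reach
    }' "$@"
}

sample_config() {
    # Constructed sample: a per-host block like the one on this page
    # (192.0.2.10 is a documentation address) plus a wildcard block.
    cat <<'EOF'
Host 192.0.2.10
    KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1
    Ciphers 3des-cbc,aes128-cbc,aes128-ctr,aes256-ctr
Host *
    Ciphers +aes128-cbc
EOF
}

# Output columns: scope, keyword, algorithm, reach (tab-separated)
sample_config | audit_ssh_config
```

Run it as `audit_ssh_config ~/.ssh/config /etc/ssh/ssh_config`; any line marked "broad" means the legacy algorithm is offered to more than the one device that needs it.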
Modify the ASA
Add the following lines to the configuration:
ssh version 2
ssh cipher encryption custom "aes256-ctr:aes128-ctr"
ssh key-exchange group dh-group14-sha1