Cisco ASA: ssh from sfr module

There are a few ways to manage a Cisco ASA over a VPN tunnel. One is to use the outside public IP, unless a dynamic or private/PAT IP is used. Another is to assign a dedicated interface with the management-access <interface> command for access over the VPN. The last one is to manage it from a local workstation. I wanted to use the SFR module to access the ASA CLI when none of the above worked or was available.

To SSH from the sfr module you need to enter expert mode and elevate with sudo su, but I got the following error.

Unable to negotiate :no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

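The ASA offers only diffie-hellman-group1-sha1, which the SSH client on the module does not enable by default. The fix is to extend the ssh command so that it also accepts that key exchange algorithm: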

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 username@ASA_IP

Make sure the sfr module IP is allowed to SSH on the proper ASA interface.
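
To avoid typing the option every time, and to keep the legacy algorithm enabled for this one device only, the error line can be turned into a host-scoped ssh_config stanza. This is an added example, not part of the original post; the function name legacy_stanza, the alias asa and the address 192.0.2.1 are assumptions, and it goes beyond the key exchange case by also handling OpenSSH's cipher, MAC and host key mismatch messages.

```shell
#!/bin/sh
# Added example: turn an OpenSSH negotiation failure into a host-scoped
# ssh_config stanza so the legacy algorithm is enabled for one device only.

# legacy_stanza HOST_ALIAS "ERROR LINE"   (hypothetical helper)
# Prints a Host block on stdout; returns 1 if the line is not a
# negotiation error or the offered list looks malformed.
legacy_stanza() {
    alias_name=$1
    err=$2

    # Map the mismatch named in the error to the ssh_config keyword.
    case $err in
        *"no matching key exchange method found"*) key=KexAlgorithms ;;
        *"no matching cipher found"*)              key=Ciphers ;;
        *"no matching MAC found"*)                 key=MACs ;;
        *"no matching host key type found"*)       key=HostKeyAlgorithms ;;
        *) return 1 ;;
    esac

    # Everything after "Their offer: " is the server's comma-separated list.
    case $err in
        *"Their offer: "*) offer=${err##*"Their offer: "} ;;
        *) return 1 ;;
    esac

    # Accept only characters that occur in algorithm names, so nothing
    # unexpected from the remote side ends up in the config file.
    case $offer in
        ''|*[!A-Za-z0-9@.,_+-]*) return 1 ;;
    esac

    # "+" appends to the client's defaults instead of replacing them.
    printf 'Host %s\n    %s +%s\n' "$alias_name" "$key" "$offer"
}

# Constructed sample line in the format OpenSSH prints on a KEX mismatch.
sample='Unable to negotiate with 192.0.2.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1'
legacy_stanza asa "$sample"
```

Append the printed stanza to ~/.ssh/config together with HostName and User lines for the ASA; other hosts keep the client's default algorithm set.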
