There are a few ways to manage Cisco ASA over VPN tunnel. One is to use outside public IP unless dynamic or private/PAT IP is used. Another is by assigning dedicated interface with management-access <interface> command for over VPN access. And the last one is to manage it from the local workstation. I wanted to use SFR module to access ASA cli when none of the above worked or available.
To SSH from sfr module you need to enter expert mode and elevate to sudo su but l got the following error.
Unable to negotiate :no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
The fix is to expand command to include proper key exchange algorithm:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 username@ASA_IP
Make sure sfr module IP is allowed to SSH on proper ASA interface.