KB ID 0001476
Problem
When attempting to connect to a Cisco ASA firewall via SSH you see the following error;
The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?
Clicking ‘Yes’ will let you connect.
Solution
When connected, execute the following commands;
[box]conf t
ssh key-exchange group dh-group14-sha1
write mem[/box]
Problem solved.
You may want to edit this article – the command in the grey field is wrong, but what you have in the putty screenshot is correct
Ah Typo! Thanks Peter – fixed!
I am planning to change “ssh key-exchange group dh-group14-sha1” to “ssh key-exchange group dh-group1-sha1” in the production environment.
Is there a chance that i may loose connectivity and can not get in remotely ?
If you concerned open an ASDM connection then execute the command.
I’m on a text lab and this is the error message that I have received after configuring the RSA key at 2048 MODULUS.
This new error message, do we know what causes it? And, what does the line fix really do? Sounds to me like it’s an antidote, but not sure what the illness is.
Is this a cert secured Tunnel? If so it looks like at least one end cant understand the cert signing algorithm? If so, use the search above, I had a similar problem a few years ago.
but i facing access denied when typing password, so can i do anything to solve this problem?
Thanks in advance.
Access denied after the password has nothing to do with this error message?