KB ID 0001476
Problem
When attempting to connect to a Cisco ASA firewall via SSH you see the following error;
The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Do you want to continue with this connection?
Clicking ‘Yes’ will let you connect.
Solution
When connected, execute the following commands;
conf t
ssh key-exchange group dh-group14-sha1
write mem
Problem solved.
08/11/2018
You may want to edit this article – the command in the grey field is wrong, but what you have in the putty screenshot is correct
09/11/2018
Ah Typo! Thanks Peter – fixed!
17/09/2020
I am planning to change “ssh key-exchange group dh-group14-sha1” to “ssh key-exchange group dh-group1-sha1” in the production environment.
Is there a chance that i may loose connectivity and can not get in remotely ?
17/09/2020
If you concerned open an ASDM connection then execute the command.
11/01/2021
I’m on a text lab and this is the error message that I have received after configuring the RSA key at 2048 MODULUS.
This new error message, do we know what causes it? And, what does the line fix really do? Sounds to me like it’s an antidote, but not sure what the illness is.
11/01/2021
Is this a cert secured Tunnel? If so it looks like at least one end cant understand the cert signing algorithm? If so, use the search above, I had a similar problem a few years ago.
10/09/2021
but i facing access denied when typing password, so can i do anything to solve this problem?
Thanks in advance.
21/09/2021
Access denied after the password has nothing to do with this error message?