Discussion:
[rancid] ssh problems
Wayne Eisenberg
2017-05-10 21:44:05 UTC
Hi all,

I was setting up a new ASA 5545 to be part of our happy family, and it would not let rancid/ssh login to it, although putty has no problem. The output I get is:

[***@hosted]$ ssh -vvv -c aes256-cbc -x -l <***> <x.x.x.x>
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/rancid/.ssh/identity type -1
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/rancid/.ssh/id_rsa type 1
debug1: identity file /home/rancid/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

The relevant part of the firewall config:
ssh scopy enable
ssh y.y.y.y z.z.z.z outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh key-exchange group dh-group1-sha1

I suspect the key-exchange group line is the issue, but dang if I can figure out how to resolve it. I do not have any problems with using ssh on any other device at all. So yes, I have an id_rsa file that seems to be just fine since I connect to all the other devices.

The /etc/ssh/ssh_config file is only comments, no commands in there. If I try to add a line for KexAlgorithms, ssh gives me an error, 'bad configuration option'.

ssh -V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
ssh -Q is not a valid option


Any ideas?

Thanks,
Wayne


________________________________

The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you.
Scott Granados
2017-05-10 21:48:02 UTC
You didn’t by chance generate this key you’re using on a Windows device and then SCP it to your ASA, did you? All the whitespace errors are jumping out at me, making me think there’s a problem in the CR / LF handling, but that’s an absolute pure guess, so please add as many grains of salt as you feel is warranted. :)
Post by Wayne Eisenberg
Hi all,
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/rancid/.ssh/identity type -1
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/rancid/.ssh/id_rsa type 1
debug1: identity file /home/rancid/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
ssh scopy enable
ssh y.y.y.y z.z.z.z outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh key-exchange group dh-group1-sha1
I suspect the key-exchange group line is the issue, but dang if I can figure out how to resolve it. I do not have any problems with using ssh on any other device at all. So yes, I have an id_rsa file that seems to be just fine since I connect to all the other devices.
The /etc/ssh/ssh_config file is only comments, no commands in there. If I try to add a line for KexAlgorithms, ssh gives me an error, 'bad configuration option'.
ssh -V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
ssh -Q is not a valid option
Any ideas?
Thanks,
Wayne
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Wayne Eisenberg
2017-05-11 04:41:38 UTC
The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.

You didn’t by chance generate this key you’re using on a Windows device and then SCP it to your ASA, did you? All the whitespace errors are jumping out at me, making me think there’s a problem in the CR / LF handling, but that’s an absolute pure guess, so please add as many grains of salt as you feel is warranted. :)


On May 10, 2017, at 5:44 PM, Wayne Eisenberg <***@CarolinasIT.com> wrote:

Hi all,

I was setting up a new ASA 5545 to be part of our happy family, and it would not let rancid/ssh login to it, although putty has no problem. The output I get is:

[***@hosted]$ ssh -vvv -c aes256-cbc -x -l <***> <x.x.x.x>
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/rancid/.ssh/identity type -1
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/rancid/.ssh/id_rsa type 1
debug1: identity file /home/rancid/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

The relevant part of the firewall config:
ssh scopy enable
ssh y.y.y.y z.z.z.z outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh key-exchange group dh-group1-sha1

I suspect the key-exchange group line is the issue, but dang if I can figure out how to resolve it. I do not have any problems with using ssh on any other device at all. So yes, I have an id_rsa file that seems to be just fine since I connect to all the other devices.

The /etc/ssh/ssh_config file is only comments, no commands in there. If I try to add a line for KexAlgorithms, ssh gives me an error, 'bad configuration option'.

ssh -V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
ssh -Q is not a valid option


Any ideas?

Thanks,
Wayne



heasley
2017-05-11 14:43:54 UTC
Post by Wayne Eisenberg
The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.
well, it seems to be in the wrong format; given the error, probably PKCS.
Post by Wayne Eisenberg
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
move it aside, and

% ssh-keygen -t rsa
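One way to read a transcript like the one in the original post, as an added example that is not part of this thread, of rancid or of OpenSSH: the script below takes `ssh -vvv` output as text, records the last protocol phase the client reached before the fatal line, and separates the startup identity-file scan (the `debug3: key_read` lines, which an OpenSSH 5.x client prints while looking for a public-key line inside a PEM private key, on every connection) from the authentication phase, which is the first point at which the private key is actually used. It goes a little beyond the thread by including a contrasting case where the server rejects the key. Both sample transcripts are constructed (the first is shortened from the lines quoted above), and the phase patterns are an assumption about the `debug1` lines an OpenSSH 5.x client emits.

```python
import re

# Phases an OpenSSH 5.x client passes through, in order, with the debug1
# line that marks entry into each one (assumed from that version's output).
PHASES = [
    ("startup",     r"^debug1: Reading configuration data"),
    ("connect",     r"^debug1: Connecting to "),
    ("established", r"^debug1: Connection established"),
    ("banner",      r"^debug1: Remote protocol version "),
    ("kex",         r"^debug1: SSH2_MSG_KEXINIT sent"),
    ("hostkey",     r"^debug1: (Host '.*' is known|Server host key)"),
    ("auth",        r"^debug1: Authentications that can continue"),
    ("session",     r"^debug1: Authentication succeeded"),
]
PHASE_RE = [(name, re.compile(pat)) for name, pat in PHASES]
PHASE_ORDER = [name for name, _ in PHASES]

# The client's private key is first used in the "auth" phase.  The debug3
# key_read noise at startup is the client scanning the identity file for a
# public-key line; it appears whether or not the connection later succeeds.
FIRST_KEY_USE = PHASE_ORDER.index("auth")

# Lines that terminate the attempt.
FATAL_RE = re.compile(
    r"^(ssh_exchange_identification:|Connection closed by|Permission denied|"
    r"no matching |Unable to negotiate|Host key verification failed)"
)

IDENTITY_RE = re.compile(r"^debug1: identity file (\S+) type (-?\d+)")
SCAN_NOISE_RE = re.compile(
    r"^debug3: key_read: missing (keytype|whitespace)$"
    r"|^debug2: key_type_from_name: unknown key type"
    r"|^debug3: Not a RSA1 key file"
)


def triage(transcript):
    """Return (last_phase, fatal_line, key_could_matter) for a transcript."""
    last = 0
    fatal = None
    for raw in transcript.splitlines():
        line = raw.strip()
        for idx, (_, pat) in enumerate(PHASE_RE):
            if pat.search(line):
                last = max(last, idx)
        if FATAL_RE.search(line):
            fatal = line
            break
    return PHASE_ORDER[last], fatal, last >= FIRST_KEY_USE


def identity_files(transcript):
    """Map each identity path to the key type OpenSSH 5.x reported for it
    (1 = RSA, 2 = DSA, -1 = no usable key found at that path)."""
    return {m.group(1): int(m.group(2))
            for m in map(IDENTITY_RE.match, transcript.splitlines()) if m}


def scan_noise_lines(transcript):
    """Count the debug2/debug3 lines produced by the startup identity-file scan."""
    return sum(1 for l in transcript.splitlines() if SCAN_NOISE_RE.match(l.strip()))


def report(transcript):
    """Human-readable summary of where the attempt stopped and what is in scope."""
    phase, fatal, key_matters = triage(transcript)
    lines = [f"last phase reached: {phase}",
             f"fatal line: {fatal or '(none)'}",
             f"identity files: {identity_files(transcript)}",
             f"startup key-scan noise lines: {scan_noise_lines(transcript)}"]
    if fatal and not key_matters:
        lines.append("client key not yet used at this point; look at the network "
                     "path or the server, not the identity file")
    elif fatal:
        lines.append("failure is in or after authentication; the identity file "
                     "and server-side authorization are in scope")
    return "\n".join(lines)


# Constructed sample, shortened from the transcript quoted in the thread.
THREAD_SAMPLE = """\
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/rancid/.ssh/identity type -1
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/rancid/.ssh/id_rsa type 1
debug1: identity file /home/rancid/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
"""

# Constructed contrast case: the connection gets through to authentication
# and the server rejects the offered key.
AUTH_FAIL_SAMPLE = """\
debug1: Connecting to [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/rancid/.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: SSH2_MSG_KEXINIT sent
debug1: Host 'x.x.x.x' is known and matches the RSA host key.
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/rancid/.ssh/id_rsa
Permission denied (publickey).
"""

if __name__ == "__main__":
    print(report(THREAD_SAMPLE))
    print()
    print(report(AUTH_FAIL_SAMPLE))
```

For the transcript in the original post the summary stops at "established": the remote end closed the socket during the version-string exchange, before key exchange and before any identity file was offered, so the `id_rsa` scan noise and the `identity file ... type 1` line (the file loaded as an RSA key) describe the client's startup, not the failure. In the contrast case the attempt reaches "auth", and only there does the key itself come into scope.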
Wayne Eisenberg
2017-05-12 15:33:27 UTC
I was just informed that there is some kind of network device sitting in front of the firewall, intercepting traffic. I will get that resolved first and then try rancid again, so this troubleshooting is temporarily on hold. Thanks for the suggestions, though.


-----Original Message-----
From: heasley [mailto:***@shrubbery.net]
Sent: Thursday, May 11, 2017 10:44 AM
To: Wayne Eisenberg
Cc: 'Scott Granados'; 'rancid-***@shrubbery.net'
Subject: Re: [rancid] ssh problems
Post by Wayne Eisenberg
The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.
well, it seems to be in the wrong format; given the error, probably PKCS.
Post by Wayne Eisenberg
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
move it aside, and

% ssh-keygen -t rsa

'heasley'
2017-05-12 15:42:53 UTC
Post by Wayne Eisenberg
I was just informed that there is some kind of network device sitting in front of the firewall, intercepting traffic. I will get that resolved first and then try rancid again, so this troubleshooting is temporarily on hold. Thanks for the suggestions, though.
that is not the problem. that error is clearly from the client program,
ie: local.
Post by Wayne Eisenberg
-----Original Message-----
Sent: Thursday, May 11, 2017 10:44 AM
To: Wayne Eisenberg
Subject: Re: [rancid] ssh problems
Post by Wayne Eisenberg
The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.
well, it seems to be in the wrong format; given the error, probably PKCS.
Post by Wayne Eisenberg
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
move it aside, and
% ssh-keygen -t rsa
Wayne Eisenberg
2017-05-15 19:49:52 UTC
Well, I did as you suggested and nothing changed. There are no problems contacting dozens of other devices with the exact same key. I'll let you know how it goes once that other device is updated.

-----Original Message-----
From: 'heasley' [mailto:***@shrubbery.net]
Sent: Friday, May 12, 2017 11:43 AM
To: Wayne Eisenberg
Cc: 'heasley'; 'Scott Granados'; 'rancid-***@shrubbery.net'
Subject: Re: [rancid] ssh problems
Post by Wayne Eisenberg
I was just informed that there is some kind of network device sitting in front of the firewall, intercepting traffic. I will get that resolved first and then try rancid again, so this troubleshooting is temporarily on hold. Thanks for the suggestions, though.
that is not the problem. that error is clearly from the client program,
ie: local.
Post by Wayne Eisenberg
-----Original Message-----
Sent: Thursday, May 11, 2017 10:44 AM
To: Wayne Eisenberg
Subject: Re: [rancid] ssh problems
Post by Wayne Eisenberg
The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.
well, it seems to be in the wrong format; given the error, probably PKCS.
Post by Wayne Eisenberg
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
move it aside, and
% ssh-keygen -t rsa
'heasley'
2017-05-15 22:14:03 UTC
Post by Wayne Eisenberg
Well, I did as you suggested and nothing changed. There are no problems contacting dozens of other devices with the exact same key. I'll let you know how it goes once that other device is updated.
it should no longer produce the same error though; correct?
Post by Wayne Eisenberg
-----Original Message-----
Sent: Friday, May 12, 2017 11:43 AM
To: Wayne Eisenberg
Subject: Re: [rancid] ssh problems
Post by Wayne Eisenberg
I was just informed that there is some kind of network device sitting in front of the firewall, intercepting traffic. I will get that resolved first and then try rancid again, so this troubleshooting is temporarily on hold. Thanks for the suggestions, though.
that is not the problem. that error is clearly from the client program,
ie: local.
Post by Wayne Eisenberg
-----Original Message-----
Sent: Thursday, May 11, 2017 10:44 AM
To: Wayne Eisenberg
Subject: Re: [rancid] ssh problems
Post by Wayne Eisenberg
The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.
well, it seems to be in the wrong format; given the error, probably PKCS.
Post by Wayne Eisenberg
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
move it aside, and
% ssh-keygen -t rsa
Wayne Eisenberg
2017-06-21 06:26:51 UTC
No change. If we can get that filtering device dealt with, I'll update you.

-----Original Message-----
From: 'heasley' [mailto:***@shrubbery.net]
Sent: Monday, May 15, 2017 6:14 PM
To: Wayne Eisenberg
Cc: 'heasley'; 'Scott Granados'; 'rancid-***@shrubbery.net'
Subject: Re: [rancid] ssh problems
Post by Wayne Eisenberg
Well, I did as you suggested and nothing changed. There are no problems contacting dozens of other devices with the exact same key. I'll let you know how it goes once that other device is updated.
it should no longer produce the same error though; correct?


Doug Hughes
2017-05-11 01:42:15 UTC
I had some problems with newer ASAs too. Try this in your .cloginrc

add cyphertype <device_here> aes256-cbc
Post by Wayne Eisenberg
Hi all,
I was setting up a new ASA 5545 to be part of our happy family, and it
would not let rancid/ssh login to it, although putty has no problem.
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/rancid/.ssh/identity type -1
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/rancid/.ssh/id_rsa type 1
debug1: identity file /home/rancid/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
ssh scopy enable
ssh y.y.y.y z.z.z.z outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh key-exchange group dh-group1-sha1
I suspect the key-exchange group line is the issue, but dang if I can
figure out how to resolve it. I do not have any problems with using
ssh on any other device at all. So yes, I have an id_rsa file that
seems to be just fine since I connect to all the other devices.
The /etc/ssh/ssh_config file is only comments, no commands in there.
If I try to add a line for KexAlgorithms, ssh gives me an error, 'bad
configuration option'.
ssh -V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
ssh -Q is not a valid option
Any ideas?
Thanks,
Wayne
--
Doug Hughes
Keystone NAP
Fairless Hills, PA
1.844.KEYBLOCK (539.2562)