I set up an ASA recently and ran into an issue where I couldn’t SSH to the unit from a Mac device. Key pairs had been generated, version set, etc. The following error kept triggering:
Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
For a super quick (albeit less secure) fix, just add the indicated key exchange algorithm to your Mac’s SSH config file.
- Open Terminal.
- Enter the following:
sudo nano ~/.ssh/config
- In your file, add the following lines:
Host %ip address%
    KexAlgorithms +diffie-hellman-group1-sha1
- Press Ctrl+O to save and Ctrl+X to exit nano.
You should find the time to upgrade the firmware on your ASA. It happened to me on ASA v9.8(1) with ASDM image 7.8(1)150.
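
A scripted variant of the steps above, added here as an example and not part of the original post: it writes the override for one named host only and lists every Host pattern in a config file under which diffie-hellman-group1-sha1 is enabled. The function names and the restriction to Host blocks (Match blocks are not tracked) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): keep the legacy KEX override
# scoped to one host, and audit where it is enabled.
LEGACY_KEX="diffie-hellman-group1-sha1"

# kex_scope CONFIG: print each Host pattern under which the legacy KEX is on.
# Lines before the first Host keyword apply to every host, reported as "*".
# Assumption: only Host blocks are tracked, not Match blocks.
kex_scope() {
    awk -v kex="$LEGACY_KEX" '
        BEGIN { scope = "*" }
        tolower($1) == "host" { $1 = ""; scope = $0; next }
        tolower($1) == "kexalgorithms" && $2 !~ /^-/ && index($2, kex) {
            n = split(scope, pats, " ")
            for (i = 1; i <= n; i++) print pats[i]
        }
    ' "$1"
}

# add_legacy_kex HOST [CONFIG]: append a host-scoped override, idempotently.
add_legacy_kex() {
    host=$1
    cfg=${2:-"$HOME/.ssh/config"}
    # Refuse empty names and wildcard/negation patterns so the weak
    # algorithm can never be switched on for every server.
    case $host in
        ''|*[*?!]*|*' '*)
            echo "refusing host pattern: '$host'" >&2
            return 1 ;;
    esac
    dir=$(dirname "$cfg")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir"
    [ -f "$cfg" ] || ( umask 077; : > "$cfg" )
    # Nothing to do if this host already carries the override.
    if kex_scope "$cfg" | grep -qxF "$host"; then
        return 0
    fi
    printf '\nHost %s\n    KexAlgorithms +%s\n' "$host" "$LEGACY_KEX" >> "$cfg"
}
```

After sourcing the file, `add_legacy_kex` with the ASA's address writes the block, and `kex_scope ~/.ssh/config` should then print only that address; a `*` in its output means the weak algorithm is offered to every server.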