<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style>
<!--
@font-face
        {font-family:Helvetica}
@font-face
        {font-family:"Cambria Math"}
@font-face
        {font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif"}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline}
span.EmailStyle17
        {font-family:"Calibri","sans-serif";
        color:#1F497D}
.MsoChpDefault
        {font-size:10.0pt}
@page WordSection1
        {margin:1.0in 1.0in 1.0in 1.0in}
div.WordSection1
        {}
-->
</style>
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span></p>
<p class="MsoNormal">You didn’t by chance generate this key your using on a windows device and then SCP it to your asa did you?  All the white space errors are jumping out at me making me think there’s a problem in the CR / LF handling but that’s an absolute
 pure guess so please add as many grains of salt as you feel is warranted.:)</p>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal"> </p>
<div>
<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On May 10, 2017, at 5:44 PM, Wayne Eisenberg <<a href="mailto:Wayne.Eisenberg@CarolinasIT.com">Wayne.Eisenberg@CarolinasIT.com</a>> wrote:</p>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">Hi all,</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">I was setting up a new ASA 5545 to be part of our happy family, and it would not let rancid/ssh login to it, although putty has no problem. The output I get is:</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">[rancid@hosted]$ ssh -vvv -c aes256-cbc -x -l <***> <x.x.x.x></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug1: Reading configuration data /etc/ssh/ssh_config</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug2: ssh_connect: needpriv 0</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug1: Connecting to [x.x.x.x] port 22.</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug1: Connection established.</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug1: identity file /home/rancid/.ssh/identity type -1</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug2: key_type_from_name: unknown key type '-----BEGIN'</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing keytype</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing whitespace</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug2: key_type_from_name: unknown key type '-----END'</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug3: key_read: missing keytype</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug1: identity file /home/rancid/.ssh/id_rsa type 1</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">debug1: identity file /home/rancid/.ssh/id_dsa type -1</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">ssh_exchange_identification: Connection closed by remote host</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">The relevant part of the firewall config:</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">ssh scopy enable</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">ssh y.y.y.y z.z.z.z outside</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">ssh 0.0.0.0 0.0.0.0 inside</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">ssh timeout 30</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">ssh key-exchange group dh-group1-sha1</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">I suspect the key-exchange group line is the issue, but dang if I can figure out how to resolve it. I do not have any problems with using ssh on any other device at all.
 So yes, I have an id_rsa file that seems to be just fine since I connect to all the other devices.</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">The /etc/ssh/ssh_config file is only comments, no commands in there. If I try to add a line for KexAlgorithms, ssh gives me an error, ‘bad configuration option’.</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">ssh –V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">ssh –Q is not a valid option</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">Any ideas?</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">Thanks,</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"">Wayne</span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif""> </span></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
<br>
<hr>
<font face="Arial" color="Blue" size="1"><br>
The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to
 the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you.<br>
</font>
</body>
</html>