OPERATIONAL DEFECT DATABASE
...
...
After a reboot of the ASA sofware 9.12.1 release of Firepower 2110 device ssh version 1 2 is always automatically added into running-config and the ASA allow the SSH version 1 connections to the CLI console access.
Default ssh version 2 configuration and reload of the ASA, then ssh version 1 2 is always automatically added into running-config. ciscoasa# sh run ssh ssh stricthostkeycheck ssh timeout 10 ssh version 1 2 ssh key-exchange group dh-group14-sha1
Configure manually the ssh version 2, in order to allow only the ssh version 2 connections to the CLI console. ciscoasa# config t ciscoasa(config)# ssh version 2 ciscoasa(config)# exit ciscoasa# show run ssh ssh stricthostkeycheck ssh key-exchange group dh-group14-sha1 ciscoasa# show run all ssh ssh stricthostkeycheck ssh timeout 10 ssh version 2 ssh cipher encryption medium ssh cipher integrity high ssh key-exchange group dh-group14-sha1
ASA allows ssh version 1 connections to the CLI console Access when the relase notes of the 9.12.1 release said that SSH version 1 is no longer supported; only version 2 is supported. The ssh version 1 command will be migrated to ssh version 2.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
