Connect via ssh to an old, insecure device

I recently needed to use ssh to connect to an old Cisco ASA5505 firewall.

As it turns out, the Java interface doesn’t work in any current version of Java and it’s got such an old version of ssh that it doesn’t support any key algorithms or ciphers that a current version of ssh considers to be secure.

As I’m only connecting over a LAN, security is less of a concern, so I was able to coerce my ssh client to connect via:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes128-cbc [email protected]
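
The same two overrides can be kept in ~/.ssh/config under a Host entry for the one device, so they never apply to other connections. The script below is an added example, not part of the original post: it audits a config file and flags any such legacy override that reaches beyond explicitly named hosts. The host alias asa5505, the address 192.0.2.10 and the function names are assumptions made for the example.

```shell
# Added example (not from the original post): find legacy SSH algorithm
# overrides in an ssh_config file and report the Host scope they apply to.
# Output per finding: "<broad|scoped>:<host patterns>\t<line no>\t<directive>"
audit_ssh_config() {
    awk '
    BEGIN { scope = "global"; broad = 1 }   # before any Host line = all hosts
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        n = match(line, /[ \t=]/)            # "Keyword value" or "Keyword=value"
        if (n == 0) next
        key = tolower(substr(line, 1, n - 1))
        val = substr(line, n + 1)
        sub(/^[ \t=]+/, "", val)
        if (key == "host" || key == "match") {
            scope = val
            # wildcard patterns and Match blocks are treated as broad
            broad = (key == "match" || val ~ /[*?]/) ? 1 : 0
            next
        }
        weak = (key == "kexalgorithms" && val ~ /diffie-hellman-group1-sha1/) ||
               (key == "ciphers" && val ~ /-cbc/)
        if (weak)
            printf "%s:%s\t%d\t%s\n", (broad ? "broad" : "scoped"), scope, NR, line
    }' "$1"
}
# Count findings that reach beyond explicitly named hosts.
count_broad() {
    audit_ssh_config "$1" | grep -c '^broad:' || true
}

# Constructed sample config; host alias and address are placeholders.
sample_config() {
    cat <<'EOF'
Host asa5505
    HostName 192.0.2.10
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers aes128-cbc

Host *
    KexAlgorithms=+diffie-hellman-group1-sha1
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_ssh_config "$tmp"
echo "broad findings: $(count_broad "$tmp")"
rm -f "$tmp"
```

In the sample, the two directives under Host asa5505 are reported as scoped, while the one under Host * is reported as broad because it would weaken key exchange for every host.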
