Key exchange failed. No compatible key-exchange method. The server supports these methods: diffie-hellman-group14-sha256 – Cisco ASA

If you are trying to SSH and you are getting the message shown below (or a similar one), it's probably your client software.

No compatible key-exchange method. 
The server supports these methods: diffie-hellman-group14-sha256

I experienced this weird behavior while running SecureCRT (v8.3.4), but when I initiated the session via PuTTY it worked.

If you are running SecureCRT there is one option you can verify. Under Session Options go to SSH2 > Key exchange and make sure all diffie-hellman options are selected. It could be that the exchange you are trying to do is not enabled. To be honest, it did not work for me, so if that is the case with you just read on.


You can verify your key-exchange group on your appliance by running this command (again you may need to use another client or console):

asav/sec/act# sh run all | in ssh

ssh key-exchange group dh-group14-sha1

As shown in my example, this appliance is set to use dh-group14-sha1, and if the client is not able to support it then you'll get this message.

From that point you can try changing the key-exchange group to anything lower and then try your session again.

If that doesn't do the trick, I would advise reinstalling the software.
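The mismatch check described above can also be done offline. The following is an added example, not part of the original post: it parses the appliance's ssh key-exchange line, applies a simplified RFC 4253 selection rule against a client's method list, and flags a SHA-1 or group1 result, which is worth knowing before lowering the group. The client lists and the "dh-" to "diffie-hellman-" keyword mapping are assumptions.

```python
import re

# ASA "ssh key-exchange group" keywords mapped to SSH KEX method names.
# Assumption: the ASA keyword's "dh-" prefix stands for "diffie-hellman-".
ASA_TO_KEX = {
    "dh-group1-sha1": "diffie-hellman-group1-sha1",
    "dh-group14-sha1": "diffie-hellman-group14-sha1",
    "dh-group14-sha256": "diffie-hellman-group14-sha256",
}

# Methods a hardening review should flag: 1024-bit group and/or SHA-1 hash.
WEAK_KEX = {"diffie-hellman-group1-sha1": "1024-bit group, SHA-1",
            "diffie-hellman-group14-sha1": "SHA-1 hash"}


def server_kex_from_config(config_text):
    """Return KEX method names found in 'sh run all | in ssh' output."""
    groups = re.findall(r"^\s*ssh key-exchange group (\S+)", config_text, re.M)
    return [ASA_TO_KEX.get(g, g) for g in groups]


def negotiate(client_kex, server_kex):
    """Simplified RFC 4253 section 7.1 rule (host-key conditions omitted):
    the first method on the client's list that the server also supports."""
    for method in client_kex:
        if method in server_kex:
            return method
    return None


def diagnose(client_kex, config_text):
    """Describe the outcome of the key exchange for this client and appliance."""
    server_kex = server_kex_from_config(config_text)
    chosen = negotiate(client_kex, server_kex)
    if chosen is None:
        return ("No compatible key-exchange method. The server supports "
                "these methods: " + ",".join(server_kex))
    note = WEAK_KEX.get(chosen)
    return f"negotiated {chosen}" + (f" (weak: {note})" if note else "")


# Constructed sample input: the appliance line shown on this page and two
# hypothetical client KEX lists (not taken from any real client).
ASA_OUTPUT = "ssh key-exchange group dh-group14-sha1\n"
OLD_CLIENT = ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"]
NEW_CLIENT = ["diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"]

if __name__ == "__main__":
    print(diagnose(OLD_CLIENT, ASA_OUTPUT))
    print(diagnose(NEW_CLIENT, ASA_OUTPUT))
```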

Good luck!

Bart
