So I installed the latest release of OpenSC for Windows and verified it worked:

>opensc-tool.exe --list-readers

Unfortunately, WSL does not support libusb (yet?), meaning it's not possible.

Since OpenSC and OpenSSL are Unix tools, my first instinct was to use WSL (Windows Subsystem for Linux) to access the token.

Thanks to my job, I already had (some) experience with OpenSSL, OpenSC, PKCS#11 and PKCS#15, and it's not like these technologies are new, so I was expecting it would be simply a matter of finding the right commands.

After I managed to enable the Smart Card capability of the token, I continued with the Feitian guide on how to use their product with SSH authentication.

The idea is simple: Public Key Authentication for SSH is well documented, I just want my private key to live on my hardware token instead of being a file on my hard drive.

In case of mistake: replacing the certificate.
Satisfying Putty-CAC by creating a certificate from our key pair.
It was too good to last, or "why does connecting from a Windows host have to be so hard?".

Or the result of several hours of fumbling around trying to use my new Feitian ePass Smart Card to login on my ssh server with asymmetric cryptography.

TLSv1.

Using SSH Public Key Authentication with a Smart Card

Sequence number: 1 (relative sequence number)
Acknowledgment number: 518 (relative ack number)
Transmission Control Protocol, Src Port: 443, Dst Port: 60255, Seq: 1, Ack: 518, Len: 7

Is this the message you expected to see? It's using TLS 1.2. I didn't see anything that mentioned cipher spec exchange specifically. There was a "client hello" followed by this message.

SSH0: client version is - SSH-2.0-PuTTY_Release_0.73
Client version string:SSH-2.0-PuTTY_Release_0.73

This site can’t provide a secure connection 172.16.1.1 uses an unsupported protocol.

HTTPS in Chrome to the ASA IP gives the message:

I am also unable to connect with ASDM or access the web interface.
I upgraded to the latest putty version (0.73) but I was still unable to connect.

Medium: hmac-sha1 hmac-sha1-96 hmac-sha2-256
SSH2 0: key exchange failed to complete
SSH0: Session disconnected by SSH server - error 0x00 "Internal error"

Available SSH Encryption and Integrity Algorithms
All: 3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr

SSH2 0: matching cipher is not supported: aes256-ctr
SSH2 0: partial packet 8, need 664, maclen 0
SSH2 0: send: len 360 (includes padlen 7)
SSH0: client version is - SSH-2.0-PuTTY_Release_0.66
Client version string:SSH-2.0-PuTTY_Release_0.66
SSH0: Exchanging versions - SSH-2.0-Cisco-1.25
Smc-asa(config)# Device ssh opened successfully.

Do you really want to replace them? : yes
WARNING: You have a RSA keypair already defined named.
Smc-asa(config)# crypto key generate rsa modulus 2048
Smc-asa(config)# ssh key-exchange group dh-group14-sha1

Does anyone know what I can do to fix ssh and asdm?

Cisco Adaptive Security Appliance Software Version 9.12(3)9

Debug shows "cipher not supported" but it is listed as a cipher in "sh ssh ciphers".

This issue occurred following wiping the configuration to clear a password when password recovery was disabled.

I am unable to connect to the Cisco ASA 5512-X with ssh or asdm.