Preview Tool

Cisco Bug: CSCvi85020 - Order of SSH configuration generates "SSH version 1 is not secure." error messages at boot

Last Modified

Dec 07, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

With the upcoming removal of SSH version 1, the ASA now generates a WARNING when configuring SSH if the version is not defined as version 2:

SSH version 1 is not secure.
It is recommended that only SSH version 2 be used.
SSH version 1 support will be removed in a future release.

The problem is that the order of the configuration on the ASA puts the 'ssh version 2' line far enough down the parser/cfg that the ASA generates this error at boot (when processing the "ssh x.x.x.x x.x.x.x <intf_name>" portion)

This occurs on version 9.9(2) where the SSH Version 1 warning was introduced.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.