ssh on pix 515E

Posted on 2006-05-26
Last Modified: 2013-11-16
I'm trying to ssh to my pix with putty.  When I try to connect I get a warning stating "The first cipher supported by the server is single-DES, which is below the configured warning threshold...Do you want to continue".  I click yes and I'm connected.  However, Is there a configuration change I need to make on the pix or just change the selection policy in Putty?
Question by:Jelonet
    LVL 32

    Expert Comment

    "This occurs when the SSH server does not offer any ciphers which you have configured PuTTY to consider strong enough. By default, PuTTY puts up this warning only for single-DES and Arcfour encryption"

    How is ssh on your PIX configured?

    LVL 11

    Accepted Solution

    The PiX only supports SSH v1.

    However your pix appears to be running only the DES license which is what putty is complaining about.

    Go here and use a CCO login or create one to get your free 3Des license for the PIX

    Apply that license key and Putty will be happy.

    Author Comment

    Is there somewhere I can look in the Pix config to see if it is already supported or is this a given from the Putty warning message that I don't have it?

    Author Comment

    Here is my sh ver:

    Cisco PIX Firewall Version 6.3(3)
    Cisco PIX Device Manager Version 1.1(2)

    Compiled on Wed 13-Aug-03 13:55 by morlee

    Pix up 275 days 21 hours

    Hardware:   PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
    Flash E28F128J3 @ 0x300, 16MB
    BIOS Flash AM29F400B @ 0xfffd8000, 32KB

    Encryption hardware device : IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5
    0: ethernet0: address is 000d.2938.f91d, irq 10
    1: ethernet1: address is 000d.2938.f91e, irq 11
    2: ethernet2: address is 0005.5d18.b010, irq 11
    3: ethernet3: address is 0005.5d18.b011, irq 10
    4: ethernet4: address is 0005.5d18.b012, irq 9
    5: ethernet5: address is 0005.5d18.b013, irq 5
    Licensed Features:
    Failover:                    Enabled
    VPN-DES:                     Enabled
    VPN-3DES-AES:                Disabled
    Maximum Physical Interfaces: 6
    Maximum Interfaces:          10
    Cut-through Proxy:           Enabled
    Guards:                      Enabled
    URL-filtering:               Enabled
    Inside Hosts:                Unlimited
    Throughput:                  Unlimited
    IKE peers:                   Unlimited

    This PIX has an Unrestricted (UR) license.
    LVL 11

    Expert Comment

    VPN-3DES-AES:                Disabled

    This is the line that tells you your PIX is not running the 3DES license.

    You just have to go to that link i posted and get the license to enable it .. Its free
    LVL 8

    Expert Comment

    prueconsulting is correct...

    Charanjeet Singh

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now