

ssh on pix 515E

Posted on 2006-05-26
Medium Priority
Last Modified: 2013-11-16
I'm trying to ssh to my pix with putty. When I try to connect I get a warning stating "The first cipher supported by the server is single-DES, which is below the configured warning threshold...Do you want to continue". I click yes and I'm connected. However, is there a configuration change I need to make on the pix, or should I just change the selection policy in Putty?
Question by:Jelonet
LVL 32

Expert Comment

ID: 16770591
"This occurs when the SSH server does not offer any ciphers which you have configured PuTTY to consider strong enough. By default, PuTTY puts up this warning only for single-DES and Arcfour encryption"

How is ssh on your PIX configured?

LVL 11

Accepted Solution

prueconsulting earned 500 total points
ID: 16770654
The PIX only supports SSH v1.

However, your PIX appears to be running only the DES license, which is what PuTTY is complaining about.

Go here and use a CCO login or create one to get your free 3DES license for the PIX.


Apply that license key and Putty will be happy.

Author Comment

ID: 16771103
Is there somewhere I can look in the Pix config to see if it is already supported or is this a given from the Putty warning message that I don't have it?

Author Comment

ID: 16771147
Here is my sh ver:

Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 1.1(2)

Compiled on Wed 13-Aug-03 13:55 by morlee

Pix up 275 days 21 hours

Hardware:   PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5
0: ethernet0: address is 000d.2938.f91d, irq 10
1: ethernet1: address is 000d.2938.f91e, irq 11
2: ethernet2: address is 0005.5d18.b010, irq 11
3: ethernet3: address is 0005.5d18.b011, irq 10
4: ethernet4: address is 0005.5d18.b012, irq 9
5: ethernet5: address is 0005.5d18.b013, irq 5
Licensed Features:
Failover:                    Enabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Disabled
Maximum Physical Interfaces: 6
Maximum Interfaces:          10
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited

This PIX has an Unrestricted (UR) license.
LVL 11

Expert Comment

ID: 16771325
VPN-3DES-AES:                Disabled

This is the line that tells you your PIX is not running the 3DES license.

You just have to go to that link I posted and get the license to enable it. It's free.
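
The check described in the comment above, written as an added example that is not part of the original thread: it reads a saved `show version` capture, parses the "Licensed Features" block and reports whether the 3DES/AES license is present. The function names are hypothetical, and the sample text is constructed from the output posted earlier in this thread.

```python
import re

# Constructed sample: abridged from the "sh ver" output posted in this thread.
SAMPLE_SHOW_VERSION = """\
Cisco PIX Firewall Version 6.3(3)
Licensed Features:
Failover:                    Enabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Disabled
Maximum Physical Interfaces: 6
Inside Hosts:                Unlimited

This PIX has an Unrestricted (UR) license.
"""

# "Feature name:   value" as printed under "Licensed Features:".
FEATURE_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9 \-]*?):\s+(\S.*?)\s*$")

def parse_licensed_features(show_version: str) -> dict:
    """Return {feature: value} for the lines under 'Licensed Features:'."""
    features, in_block = {}, False
    for line in show_version.splitlines():
        if line.strip() == "Licensed Features:":
            in_block = True
            continue
        if not in_block:
            continue
        match = FEATURE_LINE.match(line)
        if not match:
            if features:  # first non-feature line after the block ends it
                break
            continue
        features[match.group(1)] = match.group(2)
    return features

def cipher_license_status(show_version: str) -> str:
    """Classify a capture by the strongest cipher family it is licensed for."""
    features = parse_licensed_features(show_version)
    if not features:
        return "unknown: no Licensed Features block found"
    if features.get("VPN-3DES-AES", "").lower() == "enabled":
        return "ok: 3DES/AES licensed"
    if features.get("VPN-DES", "").lower() == "enabled":
        return "weak: DES only, 3DES/AES license not installed"
    return "none: no encryption license enabled"

if __name__ == "__main__":
    print(cipher_license_status(SAMPLE_SHOW_VERSION))
```

Run over a directory of saved captures, the same function gives a quick inventory of which firewalls still offer only single-DES.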

Expert Comment

ID: 16784033
prueconsulting is correct...

Charanjeet Singh
