I set up an ASA recently and ran into an issue where I couldn’t SSH to the unit from a Mac device. Key pairs had been generated, version set, etc. The following error kept triggering:

Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

For a super quick (albeit less secure) fix, just add the indicated key exchange algorithm to your Mac’s SSH config file.

  1. Open Terminal.
  2. Enter the following:
    nano ~/.ssh/config
  3. In your file, add the following lines:
    host %ip address%
         KexAlgorithms +diffie-hellman-group1-sha1
  4. Press Ctrl+O and Ctrl+X to save and exit nano.
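
To confirm the override stays limited to the one ASA rather than applying to every host you connect to, the following added example (not from the original post) scans an OpenSSH client config and reports where diffie-hellman-group1-sha1 is enabled. The function name `audit_legacy_kex` and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report where an OpenSSH client
# config enables the legacy diffie-hellman-group1-sha1 key exchange.
# Output, one line per match: "<SCOPED|BROAD> line <n>: <host patterns>"
#   SCOPED = only literal host names/addresses
#   BROAD  = global section, wildcard (* or ?) or negated pattern, or Match block
audit_legacy_kex() {   # hypothetical helper name; $1 = path to the config file
    awk '
    BEGIN { scope = "(global)"; broad = 1 }
    {
        sub(/^[ \t]+/, "")                    # drop indentation
        if ($0 == "" || $0 ~ /^#/) next       # skip blanks and comments
        sub(/[ \t]*=[ \t]*/, " ")             # accept the "Keyword=value" form
        key = tolower($1)                     # keywords are case-insensitive
    }
    key == "host" || key == "match" {
        scope = $0
        sub(/^[^ \t]+[ \t]+/, "", scope)      # keep only the patterns
        broad = (key == "match" || scope ~ /[*?!]/)
        if (key == "match") scope = "Match " scope
        next
    }
    # A leading "-" removes algorithms, so it does not enable the legacy KEX.
    key == "kexalgorithms" && $2 !~ /^-/ &&
    tolower($0) ~ /diffie-hellman-group1-sha1/ {
        printf "%s line %d: %s\n", (broad ? "BROAD" : "SCOPED"), FNR, scope
    }
    ' "$1"
}

# Constructed sample config; addresses are from the documentation range.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host 192.0.2.10
     KexAlgorithms +diffie-hellman-group1-sha1
Host *
     KexAlgorithms=+diffie-hellman-group1-sha1
Host 192.0.2.20
     KexAlgorithms -diffie-hellman-group1-sha1
EOF
audit_legacy_kex "$sample"
rm -f "$sample"
```

Run it against your own file with `audit_legacy_kex ~/.ssh/config`; any `BROAD` line means the weak key exchange is offered to more than the single device that needs it.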

You should find the time to upgrade the firmware on your ASA. It happened to me on ASA v9.8(1) with ASDM image 7.8(1)150.