Need to telnet to my Pix....

Unanswered Question
Mar 21st, 2007

Tired of running back and forth; is there a way to Telnet or SSH into a Pix from the internet? I'm sure there is, I just am not sure.

ggilbert Wed, 03/21/2007 - 09:58


You can't telnet from the internet to the outside IP address of the PIX.

But you can ssh. Get a freeware SSH client.

You need the following on the PIX configured before you try to ssh.

a. domain-name

b. cry ca gen rsa 1024

c. ssh

Lance, if you would like your PIX to be accessed only by you and you know the IP address you are coming from, please be specific on the ssh command when you insert the IP address.

Once you have these configured, make sure you have password configured as well.


Use the username "pix" and try to ssh.

Let me know how it goes.

Rate this post, if it helps.



ixholla69 Wed, 03/21/2007 - 10:24

Sorry I get a:

"%Key pair with hostname will be invalid"

When entering a domain name


CIERR: The number of parameters is wrong!

When entering the "cry ca gen rsa 1024" command.

I'm running a 6.3(4) ver

ggilbert Wed, 03/21/2007 - 10:49

So - you already have a domain name configured. Don't worry about that.

The next command would be..

ca gen rsa key 1024

Sorry about that....

Try that out and let me know.



ixholla69 Wed, 03/21/2007 - 18:34

I have the following lines in aaa..

aaa-server LOCAL protocol local

aaa authentication ssh console RADIUS

I put the username and password in and it would show up with a login but wouldn't accept the password (and the password was correct) for the username that I put in.

I changed the "aaa authentication ssh console RADIUS" to LOCAL

That didn't seem to help; it just disconnects me now right when I start an SSH session from outside :/

ggilbert Thu, 03/22/2007 - 05:50


From the output that you provided, it should be

aaa authentication ssh console LOCAL

After the change, you said it disconnects... does it disconnect after you enter the password, or does it fail with the password?

Let me know.



ixholla69 Thu, 03/22/2007 - 08:16

Yeah when I changed it to

"aaa authentication ssh console LOCAL"

It just disconnects right when I click the putty login.

Before, it at least gave me a login prompt and then password, it just wouldn't accept the password for some reason.

ggilbert Fri, 03/23/2007 - 05:53


I just tested this on a PIX over here.

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

username test pass test123

And I can use the username test and password test123 to log in.

Please let me know.



ixholla69 Fri, 03/23/2007 - 08:30


I have the following lines as well

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

And when I try to connect it just kills the connection. Should I restart the Pix or maybe rebuild some keys or something?

ggilbert Fri, 03/23/2007 - 10:19

Run the following commands.

a. ca zero rsa

b. ca gen rsa key 512

Let me know.



ixholla69 Fri, 03/23/2007 - 14:47

When I do a "ca zero rsa" I get..

ERROR: incomplete or invalid option

ixholla69 Fri, 03/23/2007 - 18:50

Hmm I think my RSA Key is hosed.....and have no clue how to make another one.

When I type in those previous commands it keeps thinking I'm trying to do a "Capture"

CiscoPIX506e# ca generate rsa key

ERROR: unknown option

usage: capture [access-list ]

[buffer ]

[ethernet-type ]

[interface ]

[packet-length ]


How do I generate another RSA key if that's happening?

ggilbert Thu, 03/29/2007 - 05:49

You need to be in config mode to do this change.

PIX#config t

PIX(config)# ca gen rsa key 512



cismcetpoy Fri, 05/04/2007 - 03:47

Dear sir,

Do the work as follows:

go to conf t mode

1. ca zeroize rsa generate rsa key 2048 save all

ssh ip outside

Now check it.

Regards,
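
Added example, not from any participant in this thread: a small Python check that reads a saved PIX configuration and reports the SSH management problems discussed above (missing domain-name, a telnet rule on outside, ssh open to any source, and ssh authentication pointing at a AAA group with nothing behind it). The function name and both sample configs are constructed for illustration, and the line syntax is assumed to follow the PIX 6.3 style used in the posts.

```python
import re

# Constructed PIX 6.3-style samples (documentation addresses), not from the thread.
WEAK = """\
hostname CiscoPIX506e
aaa-server LOCAL protocol local
aaa authentication ssh console RADIUS
telnet 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 outside
"""
FIXED = """\
hostname CiscoPIX506e
domain-name example.com
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
username admin password PLACEHOLDER encrypted
ssh 203.0.113.10 255.255.255.255 outside
"""

def audit(config):
    """Return findings for SSH management on the outside interface."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    out = []
    if not any(l.startswith("domain-name ") for l in lines):
        out.append("domain-name missing (needed before generating the RSA key)")
    if any(re.match(r"telnet \S+ \S+ outside$", l) for l in lines):
        out.append("telnet rule on outside: use ssh instead")
    rules = [l.split() for l in lines if re.match(r"ssh \d", l) and l.endswith(" outside")]
    if not rules:
        out.append("no ssh rule for the outside interface")
    for r in rules:
        # "ssh <ip> <mask> outside"; a 0.0.0.0 mask admits any source address
        if len(r) == 4 and r[2] == "0.0.0.0":
            out.append("ssh open to any source: restrict to the admin's address")
    m = next((re.match(r"aaa authentication ssh console (\S+)", l) for l in lines
              if l.startswith("aaa authentication ssh console ")), None)
    group = m.group(1) if m else None
    if group == "LOCAL":
        if not any(l.startswith("username ") for l in lines):
            out.append("LOCAL authentication but no username defined")
    elif group:
        # Assumed syntax for a server entry: "aaa-server <group> (<if>) host <ip> ..."
        if not any(re.match(rf"aaa-server {re.escape(group)} \(\S+\) host ", l) for l in lines):
            out.append(f"ssh authenticates against {group} but no {group} server host is defined")
    return out

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(cfg) or "no findings")
```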


