
Need to telnet to my Pix....

ixholla69
Level 1

Tired of running back and forth. Is there a way to Telnet or SSH into a Pix from the internet? I'm sure there is, I just am not sure.


ggilbert
Cisco Employee

Lance,

You can't telnet from the internet to the outside IP address of the PIX.

But you can ssh. Get a freeware SSH client.

You need the following on the PIX configured before you try to ssh.

a. domain-name

b. cry ca gen rsa 1024

c. ssh 0.0.0.0 0.0.0.0

Lance, if you would like your PIX to be accessed only by you and you know the IP address you are coming from, please be specific on the ssh command when you insert the IP address.

Once you have these configured, make sure you have a password configured as well.

passwd

Use the username "pix" and try to ssh.

Let me know how it goes.

Rate this post if it helps.

Cheers

Gilbert

Sorry I get a:

"%Key pair with hostname CiscoPIX506e.srvfarm.com will be invalid"

When entering a domain name

and

CIERR: The number of parameters is wrong!

When entering the "cry ca gen rsa 1024" command.

I'm running a 6.3(4) ver

So - you already have a domain name configured. Don't worry about that.

The next command would be..

ca gen rsa key 1024

Sorry about that....

Try that out and let me know.

Thanks

Gilbert

I have the following lines in aaa..

aaa-server LOCAL protocol local

aaa authentication ssh console RADIUS

I put the username and password in and it would show up with a login but wouldn't accept the password (and the password was correct) for the username that I put in.

I changed the "aaa authentication ssh console RADIUS" to LOCAL

That didn't seem to help, it just disconnects me now right when I start an SSH session from outside :/

Luis,

From the output that you provided, it should be

aaa authentication ssh console LOCAL

After the change, you said it disconnects... does it disconnect after you enter the password, or does it fail with the password?

Let me know.

Thanks

Gilbert

Yeah when I changed it to

"aaa authentication ssh console LOCAL"

It just disconnects right when I click the putty login.

Before, it at least gave me a login prompt and then password, it just wouldn't accept the password for some reason.

Luis,

I just tested this on a PIX over here.

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

username test pass test123

And I can use the username test and password test123 to log in.

Please let me know.

Thanks

Gilbert

Odd,

I have the following lines as well

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

And when I try to connect it just kills the connection. Should I restart the Pix or maybe rebuild some keys or something?

Run the following commands.

a. ca zero rsa

b. ca gen rsa key 512

Let me know.

Thanks

Gilbert

When I do a "ca zero rsa" I get..

ERROR: incomplete or invalid option

Hmm, I think my RSA key is hosed... and I have no clue how to make another one.

When I type in those previous commands it keeps thinking I'm trying to do a "Capture"

CiscoPIX506e# ca generate rsa key

ERROR: unknown option

usage: capture [access-list ]

[buffer ]

[ethernet-type ]

[interface ]

[packet-length ]

[circular-buffer]

How do I generate another RSA key if that's happening?

You need to be in config mode to do this change.

PIX#config t

PIX(config)# ca gen rsa key 512

Thanks

Gilbert

cismcetpoy
Level 1

Dear sir,

Do the work as follows:

go to conf t mode

1. ca zeroize rsa

2. ca generate rsa key 2048

3. ca save all

ssh ip 255.255.255.255 outside

Now check it.

Regards ,

cismcetpoy
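
Added example, not part of the thread and not Cisco tooling: a Python check over PIX-style configuration lines for the two settings discussed above, the source scope on the `ssh` command and the server group named in `aaa authentication ssh console`. The sample config and the function name `audit_ssh_access` are constructed for illustration, and the `aaa-server <group> (<interface>) host ...` line format is an assumption based on PIX 6.x syntax.

```python
import ipaddress

# Constructed sample in the style of a PIX 6.3 running config (not from the thread).
SAMPLE_CONFIG = """\
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication ssh console RADIUS
ssh 0.0.0.0 0.0.0.0 outside
ssh 203.0.113.10 255.255.255.255 outside
ssh timeout 5
"""


def audit_ssh_access(config):
    """Return (config line, finding) pairs for SSH management settings to review."""
    lines = [ln.split() for ln in config.splitlines() if ln.strip()]
    # Server groups that have at least one host, assuming the PIX 6.x form
    # "aaa-server <group> (<interface>) host <ip> ...".
    groups_with_host = {t[1] for t in lines
                        if t[0] == "aaa-server" and len(t) >= 4 and t[3] == "host"}
    findings = []
    for tok in lines:
        text = " ".join(tok)
        if tok[0] == "ssh" and len(tok) >= 3:
            try:
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            except ValueError:
                continue  # not an address rule, e.g. "ssh timeout 5"
            iface = tok[3] if len(tok) > 3 else "(interface not given)"
            if net.prefixlen == 0:
                findings.append((text, f"SSH allowed from any source on {iface}"))
        elif tok[:4] == ["aaa", "authentication", "ssh", "console"] and len(tok) == 5:
            group = tok[4]
            if group != "LOCAL" and group not in groups_with_host:
                findings.append((text, f"group {group} has no server host configured"))
    return findings


if __name__ == "__main__":
    for line, finding in audit_ssh_access(SAMPLE_CONFIG):
        print(f"{line}\n    -> {finding}")
```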
