
Pix 506e with ssh

How can I configure the ssh access on pix 506e?

Use this configuration:

pix506e(config)# ca zeroize rsa --- erase actual key

pix506e(config)# ca save all -- save changes

pix506e(config)# domain-name ciscopix.com --creates new key

pix506e(config)# ca generate rsa key 1024

For >= 1024, key generation could

take up to several minutes. Please wait.

Keypair generation process begin.

.Success.

pix506e(config)# ca save all -- save new changes

And how do I apply this?

in the configure mode:

pix(config)#ssh x.x.x.x x.x.x.x outside --- specify the interface through which you access the PIX.

ssh ip address --- netmask ---- interface

You don't have to apply it anywhere. After you configure the commands posted in the above message, you have to configure the PIX to specify which IP addresses can access which interface using SSH.

Example 1: The below command will allow all IP Addresses on the outside to access the pix via SSH.

ssh 0.0.0.0 0.0.0.0 outside

Example 2: The below command will allow all 10.1.1.0/24 Addresses on the inside to access the pix via SSH.

ssh 10.1.1.0 255.255.255.0 inside

Regards,

Arul

** Please rate all helpful posts **

I was able to connect to my PIX 506e using SSH Secure Shell, but now I cannot. I get an error message saying "Connection closed by remote host". We have made no changes to the PIX; all of a sudden it quit working.

Do I need to regenerate the RSA key? Or what should I do?

I am new on managing PIXes.

ssh timeout 10

issue this command in config mode

Thanks for the response. I changed from the existing 5 to 10 and then to 30.

Now my PIX 501e is doing the same thing.

It is still not working. What else can I do?

Thanks,

Noemi

!The two commands below are used to define the PIX's host name and domain name.

!This is necessary because the RSA keys used for encryption and decryption are

!named using these parameters and also are bound to the PIX via these parameters.

hostname pix123

domain-name test.com

!The command below is used to generate a 1024-bit RSA public/private key pair to

!be used for encryption and decryption.

ca generate rsa key 1024

!The command below is used to save the keys generated to Flash memory.

ca save all

!The commands below are used to tell the PIX to accept SSH connections on its

!outside interface and to set the idle timeout for SSH sessions to 7 minutes.

ssh 10.1.1.1 255.255.255.255 outside

ssh timeout 7

!Furthermore, the PIX can be set up to do authentication for the SSH users

!connecting to it. The following command defines the AAA server group, ssh123, to

!use for authentication. The AAA server address, 10.1.1.200, and the key to

!authenticate to it, mysecure, are also defined.

aaa-server ssh123 (inside) host 10.1.1.200 mysecure

!The following command binds the AAA server group to the protocol TACACS+.

aaa-server ssh123 protocol tacacs+

!The following command is used to tell the PIX box to do authentication for the

!SSH users using the AAA server group, ssh123, defined above.

aaa authentication ssh console ssh123
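
The `ssh <ip> <netmask> <interface>` lines discussed in this thread decide which source addresses can reach the PIX's SSH service, so they are worth reviewing in a saved configuration. The following is an added example, not code from any of the posts: a small Python check that parses those lines and reports rules that open SSH on an untrusted interface to a wide range. The function name `audit_ssh`, the /24 threshold, the choice of `outside` as the untrusted interface and the sample configuration are assumptions made for illustration.

```python
import ipaddress

# Constructed sample config built from the commands quoted in this thread.
SAMPLE_CONFIG = """\
hostname pix123
domain-name test.com
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.1.1.0 255.255.255.0 inside
ssh 10.1.1.1 255.255.255.255 outside
ssh timeout 7
"""

def audit_ssh(config, untrusted=("outside",), min_prefix=24):
    """Return (rules, findings) for the ssh access lines of a PIX config.

    untrusted and min_prefix are illustrative policy choices (assumptions).
    """
    rules, findings = [], []
    has_aaa = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or comment
        tok = line.split()
        if tok[:3] == ["aaa", "authentication", "ssh"]:
            has_aaa = True
        if tok[0] != "ssh" or len(tok) != 4:
            continue  # skips "ssh timeout N" and unrelated commands
        try:
            # The PIX syntax gives a dotted netmask; convert it to a prefix.
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
        except ValueError:
            findings.append(f"unparseable ssh rule: {line}")
            continue
        rules.append((str(net), tok[3]))
        if tok[3] in untrusted and net.prefixlen < min_prefix:
            findings.append(
                f"{net} may reach SSH on untrusted interface {tok[3]}")
    if rules and not has_aaa:
        findings.append("no 'aaa authentication ssh console' line found")
    return rules, findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG)[1]:
        print("FINDING:", finding)
```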
