Configure SSH2 on Cisco ASA?

whiteford
Level 1

Hi, on my ASA I have added the following for SSH2, but what do I need to do next?

ip domain name domain.com

IP SSH version 2

crypto key generate rsa

When I log in it says it needs a username and password. I have a level 15 username and password that I use for the ASDM. Should this work, as it doesn't, or do I need to do something else?

Thanks

9 Replies

rajbhatt
Level 3

Hi,

For ssh access

crypto key gen rsa 1024

ssh ip address x.x.x.x 255.255.255.255 inside

If you have not configured AAA then the default username would be pix and the first (telnet) password will be cisco.

Enable password by default is blank

Else configure the username and password for AAA

raj

Hi,

crypto key gen rsa 1024 doesn't work but crypto key gen rsa does, how do I choose 1024?

I know crypto key gen rsa 1024 works on routers though

alanajjar
Level 1

Hi,

Correct. Also, you can use local authentication to authenticate ssh, by using

aaa authentication ssh default LOCAL

then define username and password locally on the ASA, and use them for ssh authentication.

Hi,

When I type:

aaa authentication ssh default LOCAL it does like "default" if I type:

aaa authentication ssh console LOCAL

It says the group local doesn't exist?

Hi,

use the command

aaa authentication ssh console LOCAL

The LOCAL word must be in upper case letters. This group is defined on the ASA by default; there should be a command like this in the ASA:

aaa server LOCAL protocol local

regards

Hi, this worked!

1.) aaa authentication ssh console LOCAL

I just used the same username and password I use for the ASDM and I got in to the CLI.

But

aaa server LOCAL protocol local

Doesn't appear, all I see is:

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server RADIUS host server1

key 1234

aaa-server RADIUS host server2

key 1234

2.) Is the crypto key automatically using 1024, as it didn't let me add that after the rsa?

3.) Should the keys be encrypted? key 1234 is in clear text.

Thanks

Hi,

Good news to hear it worked.

1) Regarding local authentication, it's enabled by default, don't worry about that command.

2) If you generate an rsa key without specifying its size, the default size is 1024. You can specify other modulus sizes by using the modulus keyword:

crypto key generate rsa modulus modulus_size

3) The key in this command cannot be encrypted.

regards

Hi,

Please rate if this solves the problem!!

regards

onlyabhishek007
Level 1

When you use SSH from the inside or outside, it asks for the username. If you did not configure a username, then pix is the username and the passwd command provides the password for authentication.
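
An added example, not part of any post above and not Cisco's code: a small Python check over the text of an ASA configuration that flags the problems this thread works through (router-style `ip ...` commands typed into an ASA, no `ssh` source rule, no `aaa authentication ssh console`). Both sample configurations are constructed. `audit_asa_ssh` is a hypothetical helper name, and the check assumes an ASA release of this thread's era in which `domain-name` and `ssh version 2` are the ASA forms of the first post's commands.

```python
import re

# Constructed sample configs (not from the thread). BAD mirrors the first post:
# router (IOS) syntax typed into an ASA, no SSH source rule, no AAA for SSH.
BAD = """\
ip domain name domain.com
ip ssh version 2
username admin password XXXX encrypted privilege 15
"""
GOOD = """\
domain-name domain.com
ssh version 2
ssh 192.0.2.10 255.255.255.255 inside
aaa authentication ssh console LOCAL
username admin password XXXX encrypted privilege 15
"""

SSH_ALLOW = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
IOS_PREFIXES = ("ip domain name", "ip domain-name", "ip ssh ")

def audit_asa_ssh(config):
    """Return a list of findings about SSH management access in an ASA config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = [f"IOS syntax, not ASA: {l}" for l in lines
                if l.lower().startswith(IOS_PREFIXES)]
    allows = [m for m in map(SSH_ALLOW.match, lines) if m]
    if not allows:
        findings.append("no 'ssh <ip> <mask> <interface>' rule: no host may connect")
    for m in allows:
        if m.group(2) == "0.0.0.0":
            findings.append(f"SSH open to any source on {m.group(3)}")
    if "ssh version 2" not in lines:
        findings.append("'ssh version 2' not set")
    aaa = next((l for l in lines if l.startswith("aaa authentication ssh console ")), None)
    if aaa is None:
        # Per the replies in this thread: without AAA the login is user 'pix'
        # with the passwd password.
        findings.append("no 'aaa authentication ssh console': default 'pix' login applies")
    elif "LOCAL" in aaa.split() and not any(l.startswith("username ") for l in lines):
        findings.append("LOCAL authentication set but no local username defined")
    return findings

if __name__ == "__main__":
    for name, cfg in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, audit_asa_ssh(cfg) or "ok")
```

The RSA key size is not visible in the running configuration, so this check cannot cover the modulus question from the thread.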
