02-25-2008 01:44 AM - edited 03-11-2019 05:08 AM
Hi, on my ASA I have added the following for SSH2, but what do I need to do next?
ip domain name domain.com
IP SSH version 2
crypto key generate rsa
When I log in it says it needs a username and password. I have a level 15 username and password that I use for the ASDM; should this work, as it doesn't, or do I need to do something else?
Thanks
02-25-2008 02:50 AM
Hi,
For ssh access
crypto key gen rsa 1024
ssh ip address x.x.x.x 255.255.255.255 inside
If you have not configured AAA, then the default username would be pix and the first (telnet) password will be cisco
Enable password by default is blank
Else configure the username and password for AAA
raj
02-25-2008 03:19 AM
Hi,
crypto key gen rsa 1024 doesn't work but crypto key gen rsa does, how do I choose 1024?
I know crypto key gen rsa 1024 works on routers though
02-25-2008 03:07 AM
Hi,
Correct. Also, you can use local authentication to authenticate ssh, by using
aaa authentication ssh default LOCAL
then define username and password locally on the ASA, and use them for ssh authentication.
02-25-2008 03:23 AM
Hi,
When I type:
aaa authentication ssh default LOCAL
it doesn't like "default". If I type:
aaa authentication ssh console LOCAL
It says the group local doesn't exist?
02-25-2008 04:25 AM
Hi,
Use the command
aaa authentication ssh console LOCAL
The LOCAL word must be in upper case letters. This group is defined on the ASA by default; there should be a command like this in the ASA:
aaa server LOCAL protocol local
regards
02-25-2008 05:56 AM
Hi, this worked!
1.) aaa authentication ssh console LOCAL
I just used the same username and password I use for the ASDM and I got in to the CLI.
But
aaa server LOCAL protocol local
Doesn't appear, all I see is:
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS host server1
key 1234
aaa-server RADIUS host server2
key 1234
2.) Is the crypto key automatically using 1024, as it didn't let me add that after the rsa?
3.) Should the keys be encrypted? key 1234 is in clear text.
Thanks
02-25-2008 10:19 PM
Hi,
Good news to hear it worked.
1) Regarding local authentication, it's enabled by default; don't worry about that command.
2) If you generate the rsa key without specifying its size, the default size is 1024. You can specify other modulus sizes by using the modulus keyword:
crypto key generate rsa modulus modulus_size
3) The key in this command cannot be encrypted.
regards
02-29-2008 09:21 AM
Hi,
Please rate if this solves the problem!!
regards
03-07-2008 12:33 AM
When you use ssh from the inside or outside, it asks for the username. If you did not configure a username, then pix is the username and the passwd command provides the password for the authentication.
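The points raised across this thread can be checked against a saved configuration. The script below is an added example, not posted by anyone in the thread: it flags a missing "aaa authentication ssh console" line (the case where the default pix login applies), a missing "ssh version 2", SSH opened to any source, and AAA server keys stored in clear text. The sample configuration, the finding names, and the assumption that a masked key appears as asterisks are all constructed for illustration.

```python
import re

# Constructed sample config, modelled on the commands quoted in the thread.
SAMPLE_CONFIG = """\
aaa-server RADIUS protocol radius
aaa-server RADIUS host server1
 key 1234
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.0.2.10 255.255.255.255 inside
"""

def audit_asa_ssh(config: str) -> list[str]:
    """Return findings for the SSH management settings discussed in the thread."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []

    # Without this line, the thread notes that the login falls back to the
    # default user "pix" and the passwd (telnet) password.
    aaa = re.compile(r"aaa authentication ssh console \S+( LOCAL)?")
    if not any(aaa.fullmatch(l) for l in lines):
        findings.append("no-aaa-ssh")

    # The original poster wanted SSH2 only.
    if "ssh version 2" not in lines:
        findings.append("ssh-v2-not-enforced")

    # "ssh <address> <mask> <interface>" lines define who may connect.
    src = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")
    allowed = [m.groups() for l in lines if (m := src.fullmatch(l))]
    if not allowed:
        findings.append("no-ssh-source-defined")
    for _addr, mask, interface in allowed:
        if mask == "0.0.0.0":
            findings.append(f"ssh-open-to-any:{interface}")

    # Shared secrets such as "key 1234" visible in the saved config.
    # Assumption: a masked key is shown as a run of asterisks.
    for l in lines:
        m = re.fullmatch(r"key (\S+)", l)
        if m and set(m.group(1)) != {"*"}:
            findings.append("cleartext-aaa-key")
            break
    return findings

if __name__ == "__main__":
    for finding in audit_asa_ssh(SAMPLE_CONFIG):
        print(finding)
```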