02-23-2009 02:53 PM - edited 03-11-2019 07:55 AM
Recently attempted upgrade to 8.0.4 but had to downgrade because I could not get ssh working at least from the outside interface. Tried zeroize and generate to no avail. Anyone have this?
02-24-2009 08:22 AM
Did you have the correct source IP specified in the configuration?
ssh
What log messages were being generating on the ASA when you were attempting to connect?
02-24-2009 09:54 AM
Hi,
You need the crypto keys and allow SSH access to permitted hosts. That's it.
What exactly is the error or the problem that you're having?
02-24-2009 12:44 PM
on 7.0 code upgrade to 8.0.4 all else the same, same keys same ssh same everything. Attempt to use putty to outside and get software error. zeroize keys rebuild same issue. Unfortunately, I did not have the luxury of time to debug as this was a cutover from checkpoint to ASA so down graded and putty now works. The reason for the upgrade was the code plus asdm support of the current java vm.
02-24-2009 07:02 PM
I've had the problem where even after I put in "ssh 0.0.0.0 0.0.0.0 outside" I would not be able to SSH in until I rebooted the ASA. I've had this more than once and not just for SSH - also for the ASDM after putting "http 0.0.0.0 0.0.0.0 outside" in. I simply could not get in. Reboot and it worked perfectly.
02-25-2009 01:20 AM
I have experienced the same problem in the most of my installed firwalls.
When I connect by ASDM, I obtain the following information:
Result of the command: "sh ssh sessions"
SID Client IP Version Mode Encryption Hmac State Username
0 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
1 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
2 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
3 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
4 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
I have discinnect all the sessions, but the ssh access doesn't work.
I have disconnect all the sessions, but it goes on not working.
I have removed the ssh configuration and I have configured it again, the same result.
I have generated the rsa key, the same.
I have installed a lot of firewalls in my professional carreer, and this problem starts with the 8.0 Asa versions.
The action that solve teh problem is a reload.
I have never lost the ADSM or Telnet access.
Any idea?
07-28-2009 06:57 AM
Did you ever try "management-access outside"? This command is typically used to allow a VPN user to access the management of the ASA on a different interface. I can't explain why it works for straight SSH access, though.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide