02-23-2009 02:53 PM - edited 03-11-2019 07:55 AM
Recently attempted upgrade to 8.0.4 but had to downgrade because I could not get ssh working at least from the outside interface. Tried zeroize and generate to no avail. Anyone have this?
02-24-2009 08:22 AM
Did you have the correct source IP specified in the configuration?
ssh
What log messages were being generating on the ASA when you were attempting to connect?
02-24-2009 09:54 AM
Hi,
You need the crypto keys and allow SSH access to permitted hosts. That's it.
What exactly is the error or the problem that you're having?
02-24-2009 12:44 PM
on 7.0 code upgrade to 8.0.4 all else the same, same keys same ssh same everything. Attempt to use putty to outside and get software error. zeroize keys rebuild same issue. Unfortunately, I did not have the luxury of time to debug as this was a cutover from checkpoint to ASA so down graded and putty now works. The reason for the upgrade was the code plus asdm support of the current java vm.
02-24-2009 07:02 PM
I've had the problem where even after I put in "ssh 0.0.0.0 0.0.0.0 outside" I would not be able to SSH in until I rebooted the ASA. I've had this more than once and not just for SSH - also for the ASDM after putting "http 0.0.0.0 0.0.0.0 outside" in. I simply could not get in. Reboot and it worked perfectly.
02-25-2009 01:20 AM
I have experienced the same problem in the most of my installed firwalls.
When I connect by ASDM, I obtain the following information:
Result of the command: "sh ssh sessions"
SID Client IP Version Mode Encryption Hmac State Username
0 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
1 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
2 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
3 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
4 a6:dd8:608a:909:21d3:3e09:43af:dd8
0.0 - - - Closed -
I have discinnect all the sessions, but the ssh access doesn't work.
I have disconnect all the sessions, but it goes on not working.
I have removed the ssh configuration and I have configured it again, the same result.
I have generated the rsa key, the same.
I have installed a lot of firewalls in my professional carreer, and this problem starts with the 8.0 Asa versions.
The action that solve teh problem is a reload.
I have never lost the ADSM or Telnet access.
Any idea?
07-28-2009 06:57 AM
Did you ever try "management-access outside"? This command is typically used to allow a VPN user to access the management of the ASA on a different interface. I can't explain why it works for straight SSH access, though.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: