Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSH local database username and password not working

I have a weird issue. I recently setup an ASA 5510 and had SSH working. To make it easier on my VPN users I then decided I wanted to setup a Windows 2008 Network Policy Server for RADIUS authentication. Ever since I added the RADIUS part to aaa authentication, when I use SSH to connect to the ASA it will not take the local user name and password I have setup. I can however get in using a Domain user name and password. Below is the SSH and AAA configuration. Am I missing something here? The username and password in the ASA is not on the domain and it's like the ASA is not even trying LOCAL when it tries to authenticate. I want it to use the local username and password if possible. I'm kind of new to ASA's..

On another note, I have never been able to SSH in on the internal interface. I always get a "The remote system refused the connection" error message. I can only use the outside interface.

Site-ASA# sh run | in ssh

aaa authentication ssh console SERVER_RADIUS LOCAL

ssh 0.0.0.0 0.0.0.0 outside

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 60

ssh version 2

Site-ASA# sh run | in aaa

aaa-server SERVER_RADIUS protocol radius

aaa-server SERVER_RADIUS (inside) host 10.0.0.6

aaa authentication ssh console SERVER_RADIUS LOCAL

aaa authentication http console SERVER_RADIUS LOCAL

Site-ASA#

If there are any other config that would help I would be more than happy to display them

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

SSH local database username and password not working

Hi

try as

aaa authentication ssh console LOCAL SERVER_RADIUS

bcoz if radius is reachable the device will not check the local users.

2 REPLIES
New Member

SSH local database username and password not working

Hi

try as

aaa authentication ssh console LOCAL SERVER_RADIUS

bcoz if radius is reachable the device will not check the local users.

New Member

Re: SSH local database username and password not working

Thanks for the reply. I was just coming in to update this because you are exactly correct. For some reason I kept thinking that if the authentication failed via RADIUS it would use local which is not the case.

Problem (or no problem) resolved.

880
Views
0
Helpful
2
Replies