Community Member

ASA 5510 ssh

Hello,

I have a 2801 router which is connected to the ASA's Outside interface, and I have a problem with SSH ver 1.

sh ssh

0.0.0.0 0.0.0.0 Inside

0.0.0.0 0.0.0.0 Outside.

Any suggestions?

Please, thanks.

7 REPLIES
Community Member

Re: ASA 5510 ssh

Have you generated your SSH keys on the ASA?

Try this command:

crypto key generate rsa modulus 1024

Community Member

Re: ASA 5510 ssh

Yes, I do...

And the security-level on the out interface is 50.

From inside it works.

Community Member

Re: ASA 5510 ssh

Try running:

'debug ssh'

And then attempt to connect to the firewall using ssh. This may give a clue why the session is failing.

Community Member

Re: ASA 5510 ssh

When I try to connect I get this on the router:

2801#ssh -v 1 -l local 192.168.250.5

[Connection to 192.168.250.5 aborted: error status 33]

Community Member

Re: ASA 5510 ssh

Could you run the 'debug ssh' command on the firewall whilst you try to connect?

Community Member

ASA 5510 ssh

I had a similar problem with an ASA5510 (192.168.50.206)

!------------------------------

Switch#ssh -l admin 192.168.50.206

[Connection to 192.168.50.206 aborted: error status 34]

!-----------------------------

After generating a new cert and changing SSH ver to 2 the problem disappeared.

Not sure if this is an option for you, but I know there are some vulnerabilities in SSH v1 as well.


DGW
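
An added example, not part of the original thread or any poster's code: a small Python check over an ASA configuration for the two settings discussed here, the '0.0.0.0 0.0.0.0' SSH source entries from the first post and the SSH version. The sample configuration is constructed, and treating a missing 'ssh version' line as accepting both v1 and v2 is an assumption about the ASA release in use.

```python
import ipaddress
import re

# Constructed sample config (not taken from any device in the thread); it
# mirrors the "0.0.0.0 0.0.0.0" entries in the first post's `sh ssh` output.
SAMPLE_CONFIG = """\
hostname asa-lab
ssh 0.0.0.0 0.0.0.0 Inside
ssh 0.0.0.0 0.0.0.0 Outside
ssh version 1
ssh timeout 5
"""

SSH_ACCESS = re.compile(r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")
SSH_VERSION = re.compile(r"^ssh\s+version\s+(\d)$")


def audit_ssh(config_text, untrusted=("outside",)):
    """Return (severity, message) findings for SSH management settings."""
    findings = []
    version = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = SSH_VERSION.match(line)
        if m:
            version = m.group(1)
            continue
        m = SSH_ACCESS.match(line)
        if not m:
            continue  # not an "ssh <address> <mask> <interface>" line
        addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(("warn", f"unparseable ssh source '{addr} {mask}' on {ifname}"))
            continue
        if net.prefixlen == 0:
            # Any source address may reach the SSH service on this interface.
            sev = "high" if ifname.lower() in untrusted else "medium"
            findings.append((sev, f"ssh permitted from any address on {ifname}"))
    if version == "1":
        findings.append(("high", "ssh version 1 is forced; set 'ssh version 2'"))
    elif version is None:
        # Assumption: with no explicit line the device accepts both v1 and v2.
        findings.append(("medium", "no 'ssh version' line; assumed to accept v1 and v2"))
    return findings
```

Calling audit_ssh(SAMPLE_CONFIG) reports the open Inside and Outside entries and the forced version 1; a configuration with a specific management subnet and 'ssh version 2' returns no findings.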

ASA 5510 ssh

Hello Dylan,

Remember that SSH version 1 uses 768 bits for the RSA key.

Use

ssh -v 1 -l username  IP address

Make sure you have configured the ASA to use Version 1:

ASA(config)# ssh version 1

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC