Solved: Cannot SSH into PIX

michael.ball · ‎04-27-2007

I would like to be able to use an SSH client to connect to my PIX firewall over the Internet. I can do this to my 506 PIX but not on my 515, with debug SSH on I keep seeing "invalid userid michael" even though I have put the command "user michael password michael privilege 15" into the configuration. What am I doing wrong?

Patrick Iseli · ‎04-27-2007

Have you created a rsa key ?

#Generate a key:

ca generate rsa key 1024

show ca mypubkey rsa

#Save ssh key:

ca save all

#Allow incomming ssh connections:

ssh ip_address [netmask] [interface_name]

aaa authentication ssh console LOCAL

sincerely

Patrick

View solution in original post

Patrick Iseli · ‎04-27-2007

Have you created a rsa key ?

#Generate a key:

ca generate rsa key 1024

show ca mypubkey rsa

#Save ssh key:

ca save all

#Allow incomming ssh connections:

ssh ip_address [netmask] [interface_name]

aaa authentication ssh console LOCAL

sincerely

Patrick

sundar.palaniappan · ‎04-27-2007

Michael,

Have a look at this document and make sure that you have all the configuration required to allow SSH access from the outside host.

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml#conf

If you are still having problems post the sanitized configuration and debug ssh output.

HTH

Sundar

oabduo983 · ‎04-28-2007

YOU ARE MISSING:

aaa authentication ssh console LOCAL

Otherwise, use pix as username and your telnet password to access your unit!

Please rate this post if it was helpful!