Cisco Support Community
Community Member

Configure SSH2 on Cisco ASA?

Hi, on my ASA I have added the following for SSH2, but what do I need to do next?

ip domain name domain.com

IP SSH version 2

crypto key generate rsa

When I log in, it says it needs a username and password. I have a level 15 username and password that I use for the ASDM. Should this work, as it doesn't, or do I need to do something else?

Thanks

9 REPLIES
Community Member

Re: Configure SSH2 on Cisco ASA?

Hi,

For ssh access

crypto key gen rsa 1024

ssh ip address x.x.x.x 255.255.255.255 inside

If you have not configured AAA, then the default username would be pix and the first (telnet) password will be cisco

Enable password by default is blank

Else configure the username and password for AAA

raj

Community Member

Re: Configure SSH2 on Cisco ASA?

Hi,

crypto key gen rsa 1024 doesn't work but crypto key gen rsa does, how do I choose 1024?

I know crypto key gen rsa 1024 works on routers though

Community Member

Re: Configure SSH2 on Cisco ASA?

Hi,

Correct. Also, you can use local authentication to authenticate ssh, by using

aaa authentication ssh default LOCAL

Then define a username and password locally on the ASA, and use them for ssh authentication.

Community Member

Re: Configure SSH2 on Cisco ASA?

Hi,

When I type:

aaa authentication ssh default LOCAL it does like "default". If I type:

aaa authentication ssh console LOCAL

It says the group local doesn't exist?

Community Member

Re: Configure SSH2 on Cisco ASA?

Hi,

Use the command

aaa authentication ssh console LOCAL

The LOCAL word must be in upper case letters. This group is defined on the ASA by default; there should be a command like this in the ASA:

aaa server LOCAL protocol local

regards

Community Member

Re: Configure SSH2 on Cisco ASA?

Hi, this worked!

1.) aaa authentication ssh console LOCAL

I just used the same username and password I use for the ASDM and I got in to the CLI.

But

aaa server LOCAL protocol local

Doesn't appear, all I see is:

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server RADIUS host server1

key 1234

aaa-server RADIUS host server2

key 1234

2.) Is the crypto key automatically using 1024, as it didn't let me add that after the rsa?

3.) Should the keys be encrypted? key 1234 is in clear text.

Thanks

Community Member

Re: Configure SSH2 on Cisco ASA?

Hi,

Good news to hear it worked.

1) Regarding local authentication, it's enabled by default; don't worry about that command.

2) If you generate an rsa key without specifying its size, the default size is 1024. You can specify other modulus sizes by using the modulus keyword:

crypto key generate rsa modulus modulus_size

3) the key in this command cannot be encrypted

regards

Community Member

Re: Configure SSH2 on Cisco ASA?

Hi,

Please rate if this solves the problem!!

regards

Community Member

Re: Configure SSH2 on Cisco ASA?

When you use ssh from the inside or outside, it asks for the username. If you did not configure a username, then pix is the username and the passwd command provides the password for the authentication.
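
An added example, not part of the thread and not Cisco tooling: a small Python check over an ASA running-config that flags the SSH login conditions discussed in the replies above, in particular a missing `aaa authentication ssh console` line, which leaves SSH on the default pix username and the `passwd` password. The sample configs are constructed, and the finding names and the any-source check are assumptions of this example.

```python
import re

# Constructed sample configs (not taken from the thread).
WEAK = """
hostname asa-example
passwd cisco
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""
HARDENED = """
username admin password PLACEHOLDER privilege 15
aaa authentication ssh console LOCAL
ssh version 2
ssh 192.0.2.10 255.255.255.255 inside
"""

ALLOW_RE = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")

def audit_asa_ssh(config):
    """Return (finding_id, message) tuples for SSH settings in an ASA config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []

    # "ssh <network> <mask> <interface>" lines define which sources may connect.
    allow = [m.groups() for l in lines if (m := ALLOW_RE.fullmatch(l))]
    if not allow:
        findings.append(("no-ssh-allow", "no 'ssh <network> <mask> <interface>' line"))
    for _net, mask, ifc in allow:
        if mask == "0.0.0.0":
            findings.append(("ssh-any-source", f"SSH accepted from any address on {ifc}"))

    if "ssh version 2" not in lines:
        findings.append(("version-not-pinned", "'ssh version 2' is not set"))

    # Without this line, login uses the default username pix and the passwd value.
    aaa = next((l.split() for l in lines
                if l.startswith("aaa authentication ssh console ")), None)
    if aaa is None:
        findings.append(("default-login", "no 'aaa authentication ssh console': "
                         "login falls back to username pix and the passwd password"))
    elif "LOCAL" in aaa[4:] and not any(l.startswith("username ") for l in lines):
        findings.append(("local-no-users", "LOCAL authentication set but no username defined"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_asa_ssh(cfg) or "no findings")
```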
