ssh for admin context

thundercisco
Level 1

Hi Guys,

Here is the configuration of my admin context on ASA 5585 with 8.4 version

hostname FW-MAIN
domain-name bc.com
enable password xxxxxxxx encrypted
passwd xxxxxxx encrypted
names
name 10.0.0.0 xx-A
name 172.16.0.0 xx-B
name 192.168.0.0 xx-C
!
interface Management0/0
 nameif management
 security-level 70
 ip address 10.216.175.10 255.255.255.128
!
dns server-group DefaultDNS
 domain-name bc.com
pager lines 24
logging enable
logging asdm informational
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route management xx-A 255.0.0.0 10.216.175.1 1
route management xx-B 255.240.0.0 10.216.175.1 1
route management xx-C 255.255.0.0 10.216.175.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
no threat-detection statistics tcp-intercept
username admin password 3XRCbLw8F0tIVe6e encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!

I am unable to ssh into this context. I have checked that crypto keys are configured. I am able to ASDM into this context but no ssh. Please help.

Thanks

2 Replies

Julio Carvajal
VIP Alumni

Hello,

Remove the entire SSH configuration and add it one more time from scratch

Then place a debug for the SSH process:

Debug SSH 255

And then provide the output to us.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I have to set my unit to factory default and then configure my admin context and then create crypto keys!!!!!
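
An added example, not part of any post in this thread: a small Python audit of the `ssh`/`http`/`telnet` management-access lines in an ASA configuration like the one posted above. It lists each permitted source network (resolving `name` aliases) and flags any-source permits, telnet permits, and protocols permitted without a matching `aaa authentication ... console` line. The function name, the finding wording and the AAA rule are assumptions of this example, and the sample input is constructed from the posted config.

```python
import ipaddress
import re

# Constructed sample: management-access lines taken from the config posted in this thread.
SAMPLE_CONFIG = """\
name 10.0.0.0 xx-A
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 management
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
"""

# <proto> <address-or-name> <dotted mask> <interface>; skips "ssh timeout 5" and similar.
PERMIT = re.compile(r"^(ssh|http|telnet)\s+(\S+)\s+(\d+(?:\.\d+){3})\s+(\S+)$")
NAME = re.compile(r"^name\s+(\d+(?:\.\d+){3})\s+(\S+)")

def audit_mgmt_access(config):
    """Return (permits, findings) for ASA ssh/http/telnet management-access lines."""
    lines = [line.strip() for line in config.splitlines()]
    # "name <ip> <alias>" lets later lines use the alias in place of the address.
    aliases = {m.group(2): m.group(1) for m in map(NAME.match, lines) if m}
    permits, findings = [], []
    for line in lines:
        m = PERMIT.match(line)
        if not m:
            continue
        proto, addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{aliases.get(addr, addr)}/{mask}", strict=False)
        except ValueError:
            findings.append(f"{proto}: could not parse source '{addr} {mask}'")
            continue
        permits.append((proto, str(net), ifname))
        if net.prefixlen == 0:
            findings.append(f"{proto}: any source permitted on '{ifname}'")
        if proto == "telnet":
            findings.append(f"telnet: cleartext management permitted on '{ifname}'")
    # Assumption of this example: each permitted protocol should have an explicit AAA line.
    for proto in ("ssh", "http"):
        permitted = any(p[0] == proto for p in permits)
        has_aaa = any(l.startswith(f"aaa authentication {proto} console") for l in lines)
        if permitted and not has_aaa:
            findings.append(f"{proto}: permitted without 'aaa authentication {proto} console'")
    return permits, findings
```

Calling `audit_mgmt_access(SAMPLE_CONFIG)` reports both the `ssh` and `http` lines as open to any source on the `management` interface.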
