It is fairly straightforward. You first need to create the RSA key on the PIX using the following command:
ca generate rsa key
can be either 512, 768, 1024, or 2048
Then you need to explicitly permit your work-station to open an SSH connection to the PIX. To do this, use the following command:
For instance, 'ssh 18.104.22.168 255.255.255.255 outside' would allow the 22.214.171.124 host to connect via SSH from the outside. You can also change the SSH idle timeout if you want using the following command:
I always set this to 60 because I hate my SSH sessions timing out.
As for the client piece, any SSH client should work. From a Windows platform, the easiest to use is probably PuTTY (and it is free). The default username (unless you have AAA set up) is pix and the SSH password is your telnet password. From here, just proceed as you do with telnet.
You will need to define the pix hostname first before you use the ca generate command.
Also, if you do the ca generate command, and use a key length of 1024 or 2048, and then use PDM, PDM will wipe it out and create a 768-bit key, which will cause most SSH clients to then complain that the key is not what is expected, and that security might be breached. This can be disregarded in this instance because of PDM's quirky behaviour.
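To see what actually changed when a client reports a different host key after PDM regenerates it, the stored and presented keys can be compared by modulus size and fingerprint. This is an added example, not part of the original thread; it assumes the client records host keys as SSH-2 `ssh-rsa` entries (the base64 field of an OpenSSH `known_hosts` line), and the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def _read_string(buf, off):
    """Read one RFC 4251 length-prefixed string; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def rsa_key_info(b64_blob):
    """Return (modulus bits, SHA256 fingerprint) of an ssh-rsa public key blob."""
    blob = base64.b64decode(b64_blob, validate=True)
    alg, off = _read_string(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return bits, "SHA256:" + digest

def compare_host_keys(old_b64, new_b64, min_bits=1024):
    """Summarise what changed between the stored and the presented host key."""
    old_bits, old_fp = rsa_key_info(old_b64)
    new_bits, new_fp = rsa_key_info(new_b64)
    return {"changed": old_fp != new_fp, "old_bits": old_bits,
            "new_bits": new_bits, "downgraded": new_bits < old_bits,
            "below_min": new_bits < min_bits, "new_fingerprint": new_fp}

def make_sample_blob(modulus, exponent=65537):
    """Build an ssh-rsa blob from integers. Constructed test data, not a real key."""
    def mpint(value):
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # keeps the sign bit clear
        return struct.pack(">I", len(raw)) + raw
    body = struct.pack(">I", 7) + b"ssh-rsa" + mpint(exponent) + mpint(modulus)
    return base64.b64encode(body).decode()

# Constructed samples: a 1024-bit key as stored, a 768-bit key as presented later.
STORED = make_sample_blob((1 << 1023) | 1)
PRESENTED = make_sample_blob((1 << 767) | 1)

if __name__ == "__main__":
    print(compare_host_keys(STORED, PRESENTED))
```

The reported `new_fingerprint` is the value to check against the key shown on the device itself before the client's stored entry is replaced.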
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: