I'd like to know if, in future versions of the PIX firewall software, it will be possible to store RSA public keys on the PIX flash memory, to authenticate clients connecting to it via SSH using RSA public key authentication instead of a password.
Yes, you can save the generated RSA key onto the PIX Flash memory. Use the command in config mode after you have generated your key with the command: ca generate rsa key. Remember that the bigger the key size, the stronger the SSH connection. I prefer to use key size 2048. You'll need DES or 3DES activated on your PIX.
> ca save all
You can view your generated RSA key by issuing the command: sho ca mypubkey rsa
What I'd like to do is to put the public key of my PC on the PIX flash memory, so it could authenticate me by checking that I own the corresponding secret key; such a thing is possible on any other SSH server, and it would be a very handy feature to have on the PIX firewall, too.