Cisco Support Community
Community Member

problems logging into PIX with SSH

Hi there,

I have a PIX 506 running OS 6.2(2) which is in a DMZ, known as the outside PIX. It is behind another PIX 506 (the inside PIX). Both PIX have TACACS+ configured for login authentication.

Last week the outside PIX crashed physically and I have replaced it with a spare PIX and reconfigured it entirely.

Now I cannot log on to this outside PIX using SSH, even though the access-list on the inside PIX is correct and permits both SSH and TACACS+. However, I can telnet to it.

I am using PuTTY to connect, and when I start the SSH session the login window of the PIX appears and immediately disappears without me having the time to do anything.

Any help would be greatly appreciated. Many thanks in advance.

A.G.

##################################################

The inside PIX config:

access-list inside permit tcp Company-Inside-Net 255.255.255.0 host outsidepix-inside-interface eq ssh
access-list inside permit tcp Company-Inside-Net 255.255.255.0 host outsidepix-inside-interface eq telnet
access-list inside permit icmp Company-Inside-Net 255.255.255.0 DMZNet 255.255.255.192 echo
access-list inside permit icmp Company-Inside-Net 255.255.255.0 DMZNet 255.255.255.192 echo-reply
access-list dmzacl permit icmp host outsidepix-inside-interface Company-Inside-Net 255.255.255.0 echo
access-list dmzacl permit icmp host outsidepix-inside-interface Company-Inside-Net 255.255.255.0 echo-reply
access-list dmzacl permit tcp host outsidepix-inside-interface host tacacs-server1 eq tacacs
access-list dmzacl permit tcp host outsidepix-inside-interface host tacacs-server2 eq tacacs

The outside PIX config:

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host tacacs-server1 1234 timeout 10
aaa-server TACACS+ (inside) host tacacs-server2 1234 timeout 10
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication telnet console TACACS+
aaa authentication ssh console TACACS+
aaa authentication enable console TACACS+
telnet Company-Inside-Net 255.255.255.0 inside
telnet timeout 5
ssh Company-Inside-Net 255.255.255.0 inside
ssh DMZNet 255.255.255.192 inside
ssh timeout 5

1 ACCEPTED SOLUTION

Silver

Re: problems logging into PIX with SSH

Did you follow the steps for setting up SSH? Are the hostname and domain name defined on it? Did you run ca generate rsa... to create the encryption keys?

Community Member

Re: problems logging into PIX with SSH

Ah yes...

Thanks very much, that did the trick. I had forgotten the RSA key generation and save... now it is working perfectly...

Many thanks
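A pre-flight check for the SSH prerequisites raised in the accepted answer, added here as an example; it is not part of the original thread and not Cisco tooling. It assumes the device config has been pasted as text; `audit_ssh_prereqs` and `SAMPLE_CONFIG` are hypothetical names, and the sample is constructed from the outside-PIX lines above with no hostname or domain-name line.

```python
import re

# Constructed sample: outside-PIX lines quoted in the thread, deliberately
# without hostname/domain-name lines (an assumption for this example).
SAMPLE_CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host tacacs-server1 1234 timeout 10
aaa authentication telnet console TACACS+
aaa authentication ssh console TACACS+
telnet Company-Inside-Net 255.255.255.0 inside
ssh Company-Inside-Net 255.255.255.0 inside
ssh timeout 5
"""

def audit_ssh_prereqs(config: str) -> list[str]:
    """Return findings for the SSH prerequisites visible in pasted config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]

    def first(pattern):
        # First line that matches the pattern from its start, or None.
        for line in lines:
            m = re.match(pattern, line)
            if m:
                return m
        return None

    findings = []
    if not first(r"hostname\s+\S+"):
        findings.append("hostname not set")
    if not first(r"domain-name\s+\S+"):
        findings.append("domain-name not set")
    # 'ssh <source> <mask> <interface>' says who may connect and where;
    # 'ssh timeout 5' must not satisfy this check.
    if not first(r"ssh\s+\S+\s+\d+\.\d+\.\d+\.\d+\s+\S+$"):
        findings.append("no 'ssh <net> <mask> <interface>' permit line")
    # SSH logins handed to an AAA group need at least one server in that group.
    auth = first(r"aaa authentication ssh console\s+(\S+)")
    if auth:
        group = re.escape(auth.group(1))
        if not first(rf"aaa-server\s+{group}\s+\(\S+\)\s+host\s+\S+"):
            findings.append(f"AAA group {auth.group(1)} has no server host")
    # The RSA key pair cannot be judged from these lines, so always flag it.
    findings.append("RSA key pair: confirm on the device that it was "
                    "generated and saved")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_prereqs(SAMPLE_CONFIG):
        print("-", finding)
```

The key-pair finding is always emitted because the config lines checked here cannot show whether the key exists, which is the step that had been missed on the rebuilt unit.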
