cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1418
Views
0
Helpful
3
Replies

SSH PIX / ASA

kuldeep.kaur
Level 1
Level 1

Hi Guys,

How do you enable ssh on pix and asa. I input the following command but it did not worked. Someone told me before that you have to input couple of commands to enable ssh. Could someone please help me out.

ssh 10.150.X.X 255.255.255.255 inside

Tks

1 Accepted Solution

Accepted Solutions

Dennis Leon
Cisco Employee
Cisco Employee

Hello Kuldeep,

First of all the ASA/PIX needs to have a domain already defined:

Something like:

domain-name yourdomain.com

Then you have to generate RSA keys for SSH to work:

crypto key generate rsa general-keys modulus 1024

(The bit lenght could be 512, 768,1024 or 2048)

If the ASA says that there is an existing key already and if you want to delete it...say yes.

Then do a wr mem and try to SSH the device.

Of course the comands you entered first are necessary too after this.

Hope it helps..

DL.

View solution in original post

3 Replies 3

Dennis Leon
Cisco Employee
Cisco Employee

Hello Kuldeep,

First of all the ASA/PIX needs to have a domain already defined:

Something like:

domain-name yourdomain.com

Then you have to generate RSA keys for SSH to work:

crypto key generate rsa general-keys modulus 1024

(The bit lenght could be 512, 768,1024 or 2048)

If the ASA says that there is an existing key already and if you want to delete it...say yes.

Then do a wr mem and try to SSH the device.

Of course the comands you entered first are necessary too after this.

Hope it helps..

DL.

Kuldeep,    Dennis have nailed your request on how to ..   just one simple/small  observation ,    running code 7.x or above does  not need domain name configuration to generate rsa keys as required in earliest versions of PIX .

some good detailed  instructions

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml

B.Rgds

Jorge Rodriguez

One thing to note, earlier versions of PIX required a different command to generate the key:

ca zeroize rsa
ca generate rsa key 1024

Although based on ASA being in the subject line, I would assume that you ARE running the 7x or above.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: