Cisco Support Community
New Member

SSH to outside interface

Hi, I am trying to set up SSH for outside access to my PIX.

I have added

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 10

and I am able to see the device with an SSH client, but it won't let me authenticate.

I tried reading through some previous links posted regarding SSH setup, but a lot of it was referring to AAA servers, and I don't have anything that elaborate set up here.

I went ahead and entered

ca gen rsa key 1024

to see if that would help and I am still unable to auth to the PIX outside interface from an outside IP.

Suggestions welcome :)

Thanks,

Dave

5 REPLIES
Cisco Employee

Re: SSH to outside interface

SSH requires a username and password. If you don't have an external RADIUS/TACACS server, then you can just log in with the username of "pix" and use the Telnet password as the password.

See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/commands.htm#xtocid75 for details.

New Member

Re: SSH to outside interface

Oh, thanks.

New Member

Re: SSH to outside interface

Ok, I have 3 firewalls in diff locations.

SSH is working on one of them only.

This is really weird. I have:

domain-name yrpci.com

ssh 0.0.0.0 0.0.0.0 outside

and have checked my enable and telnet passwords.

I can see the PIX's using SSH (I'm using Tera Term Pro with the SSH extension) but am unable to actually authenticate.

I'm using the username PIX, and have tried both the enable and telnet password. Neither will authenticate.

I've also even tried adding a local user:

username cisco password BS/vQ9dzYT2I3rJy encrypted privilege 15

and it won't authenticate either.

Suggestions welcome,

Thanks,

Dave

New Member

Re: SSH to outside interface

Check to see if you generated the RSA keys and saved them on each of the PIXs. Also check to make sure you have the correct subnet and subnet mask to permit SSH [unless you are using 0.0.0.0 0.0.0.0 & allowing everyone {not recommended}].

RobertG...
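
The subnet and mask check suggested in the reply above can be run against a saved configuration. This Python sketch is an added example, not part of the thread or any Cisco tooling; the sample configuration lines and function names are constructed for illustration, and it assumes permit lines have the form `ssh <ip> <mask> <interface>` as posted in this thread.

```python
import ipaddress

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
domain-name example.com
ssh 0.0.0.0 0.0.0.0 outside
ssh 0 0 outside
ssh 192.0.2.0 255.255.255.0 outside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 10
"""

def _addr(token):
    # The thread uses "0" as shorthand for 0.0.0.0 ("ssh 0 0 outside").
    return "0.0.0.0" if token == "0" else token

def parse_ssh_permits(config):
    """Return [(IPv4Network, interface)] for each 'ssh <ip> <mask> <if>' line."""
    permits = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "ssh":
            continue  # skips 'ssh timeout 10' and unrelated lines
        try:
            net = ipaddress.ip_network(
                f"{_addr(parts[1])}/{_addr(parts[2])}", strict=False)
        except ValueError:
            continue  # not an address/mask pair
        permits.append((net, parts[3]))
    return permits

def audit(config, interface="outside"):
    """Flag permits on `interface` that allow any source address."""
    return [f"ssh permit on {iface} allows any source ({net})"
            for net, iface in parse_ssh_permits(config)
            if iface == interface and net.prefixlen == 0]

def client_permitted(config, client_ip, interface="outside"):
    """True if client_ip falls inside a permit for `interface`."""
    ip = ipaddress.ip_address(client_ip)
    return any(iface == interface and ip in net
               for net, iface in parse_ssh_permits(config))

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    print(client_permitted(SAMPLE_CONFIG, "198.51.100.7"))
```
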

New Member

Re: SSH to outside interface

Yes, I generated the keys, and "ca save all"'d them as well.

For the time being I've even set up ssh 0 0 outside since it doesn't seem to allow anyone anyway.

So yes, I tried all that.

All the basics have been covered. I've worked with guys that have set up SSH on 6.22 PIXs before and they are not sure why this isn't working.

So I guess my question goes deeper into more troubleshooting. What other factors on a PIX can restrict the basic SSH setup from working? There have to be other factors that can restrict it. Is it possible for an ACL to prevent SSH from coming through?

Thanks,

Dave
