Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

how can I allow an IP to ssh to asa5520?

only management interface is up

interface Management0/0

security-level 100

ip address 10.1.1.1 255.255.255.0

management-only

ssh my.ip.addr 255.255.255.255 management

and when I try to do ssh, it give me error:

ssh_exchange_identification: Connection closed by remote host.

Do I did wrong?

any comments will be appreciated

Thanks in advance.

  • VPN
7 REPLIES
Cisco Employee

Re: how can I allow an IP to ssh to asa5520?

Hi,

Did you generate the RSA Keys before you tried SSHing into the ASA. If not, generate the RSA keys and then try to ssh into ASA

Generating RSA Keys:

ca generate rsa key 1024

ca save all

Let me know if it helps.

Regards,

Arul

New Member

Re: how can I allow an IP to ssh to asa5520?

(config)#ca generate rsa key 1024

WARNING: the 'ca' command syntax has been deprecated

Please use the 'crypto key generate' command(config)# crytp key generate rsa modulus 1024

INFO: The name for the keys will be:

Keypaire generation process begin. Please wait....

So, where I can find the file

the "ca save all" can not do also.

Cisco Employee

Re: how can I allow an IP to ssh to asa5520?

Hi,

You can do a "show crypto key mypubkey rsa" to look at the RSA Keys.

Please refer the below URL for details

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/conf_gd/mgaccess.htm#wp1042023

Let me know if it helps.

Regards,

Arul

New Member

Re: how can I allow an IP to ssh to asa5520?

(config)#ca generate rsa key 1024

WARNING: the 'ca' command syntax has been deprecated

Please use the 'crypto key generate' command(config)# crytp key generate rsa modulus 1024

INFO: The name for the keys will be:

Keypaire generation process begin. Please wait....

So, where I can find the file

the "ca save all" can not do also.

Silver

Re: how can I allow an IP to ssh to asa5520?

For 7.X, the commands are different... Here is how to generate ssh keys in 7.X

1. crypto key xxx rsa (clears old keys)

2. crypto key generate rsa usage-keys noconfirm (generates new keys)

3. write mem (saves keys)

** Also, be sure you are allowing ssh from the source..

EX. ssh 172.16.1.0 255.255.255.0 inside

pls rate if this helps

New Member

Re: how can I allow an IP to ssh to asa5520?

I have got prompt for password.

but, after I put password, it return erroer:

Permission denied, please try again.

after three tries, it finally gave "Unable to find an authentication method"

New Member

Old post but see

2389
Views
10
Helpful
7
Replies
This widget could not be displayed.