03-21-2007 09:47 AM
Tired of running back and forth. Is there a way to Telnet or SSH into a PIX from the internet? I'm sure there is, I just am not sure.
03-21-2007 09:58 AM
Lance,
You can't telnet from the internet to the outside IP address of the PIX.
But you can ssh. Get a freeware SSH client.
You need the following on the PIX configured before you try to ssh.
a. domain-name
b. cry ca gen rsa 1024
c. ssh 0.0.0.0 0.0.0.0
Lance, if you would like your PIX to be accessed only by you and you know the IP address you are coming from, please be specific on the ssh command when you insert the IP address.
Once you have these configured, make sure you have a password configured as well.
passwd
Use the username "pix" and try to ssh.
Let me know how it goes.
Rate this post if it helps.
Cheers
Gilbert
03-21-2007 10:24 AM
Sorry I get a:
"%Key pair with hostname CiscoPIX506e.srvfarm.com will be invalid"
When entering a domain name
and
CIERR: The number of parameters is wrong!
When entering the "cry ca gen rsa 1024" command.
I'm running a 6.3(4) ver
03-21-2007 10:49 AM
So, you already have a domain name configured. Don't worry about that.
The next command would be..
ca gen rsa key 1024
Sorry about that....
Try that out and let me know.
Thanks
Gilbert
03-21-2007 06:34 PM
I have the following lines in aaa..
aaa-server LOCAL protocol local
aaa authentication ssh console RADIUS
I put the username and password in and it would show up with a login but wouldn't accept the password (and the password was correct) for the username that I put in.
I changed the "aaa authentication ssh console RADIUS" to LOCAL
That didn't seem to help, it just disconnects me now right when I start an SSH session from outside :/
03-22-2007 05:50 AM
Luis,
From the output that you provided, it should be
aaa authentication ssh console LOCAL
After the change, you said it disconnects... does it disconnect after you enter the password, or does it fail with the password?
Let me know.
Thanks
Gilbert
03-22-2007 08:16 AM
Yeah when I changed it to
"aaa authentication ssh console LOCAL"
It just disconnects right when I click the PuTTY login.
Before, it at least gave me a login prompt and then password, it just wouldn't accept the password for some reason.
03-23-2007 05:53 AM
Luis,
I just tested this on a PIX over here.
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
username test pass test123
And I can use the username test and password test123 to log in.
Please let me know.
Thanks
Gilbert
03-23-2007 08:30 AM
Odd,
I have the following lines as well
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
And when I try to connect it just kills the connection. Should I restart the PIX or maybe rebuild some keys or something?
03-23-2007 10:19 AM
Run the following commands.
a. ca zero rsa
b. ca gen rsa key 512
Let me know.
Thanks
Gilbert
03-23-2007 02:47 PM
When I do a "ca zero rsa" I get..
ERROR: incomplete or invalid option
03-23-2007 06:50 PM
Hmm, I think my RSA key is hosed... and I have no clue how to make another one.
When I type in those previous commands it keeps thinking I'm trying to do a "Capture"
CiscoPIX506e# ca generate rsa key
ERROR: unknown option
usage: capture
[buffer
[ethernet-type
[interface
[packet-length
[circular-buffer]
How do I generate another RSA key if that's happening?
03-29-2007 05:49 AM
You need to be in config mode to do this change.
PIX#config t
PIX(config)# ca gen rsa key 512
Thanks
Gilbert
05-04-2007 03:47 AM
Dear sir,
Do the work as follows:
Go to conf t mode.
1. ca zeroize rsa
2. ca generate rsa key 2048
3. ca save all
ssh ip 255.255.255.255 outside
Now check it.
Regards,
cismcetpoy
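
The prerequisites the replies above walk through (hostname and domain-name for the key pair, a source-restricted ssh line, and a login source that actually exists), as an added example that is not part of the thread: a Python check over a saved PIX 6.3-style configuration. The sample config, the function name `audit_pix_ssh` and the finding texts are constructed for illustration; the RSA key itself is not visible in the configuration and is not checked.

```python
import re

# Constructed sample config (not from the thread); the passwd value is a placeholder.
SAMPLE_CONFIG = """\
hostname pixfw
domain-name example.com
passwd EXAMPLE-HASH encrypted
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

# Matches "ssh <ip> <mask> [interface]"; "ssh timeout N" does not match.
SSH_RULE = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)(?: (\S+))?$")

def audit_pix_ssh(config):
    """Return a list of findings for the SSH setup steps discussed in the thread."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    has = lambda prefix: any(ln.startswith(prefix) for ln in lines)
    findings = []
    # The key pair is tied to hostname + domain-name, so both must be set first.
    for required in ("hostname", "domain-name"):
        if not has(required + " "):
            findings.append(f"missing {required} (set before generating the RSA key)")
    rules = [m.groups() for ln in lines if (m := SSH_RULE.match(ln))]
    if not rules:
        findings.append("no ssh permit line, so no source address may connect")
    for ip, mask, ifc in rules:
        if mask == "0.0.0.0":  # the 'ssh 0.0.0.0 0.0.0.0' form: any source
            findings.append(f"ssh {ip} {mask} {ifc or ''}".rstrip()
                            + " allows any source; use your IP with mask 255.255.255.255")
    # Which login source does SSH use: aaa group, or the default 'pix' + passwd?
    group = next((ln.split()[-1] for ln in lines
                  if ln.startswith("aaa authentication ssh console ")), None)
    if group is None:
        if not has("passwd "):
            findings.append("no passwd line; set one before logging in as 'pix'")
    elif group == "LOCAL":
        if not has("username "):
            findings.append("aaa ssh uses LOCAL but no username is defined")
    elif not any(re.match(rf"aaa-server {re.escape(group)} .*\bhost\b", ln) for ln in lines):
        findings.append(f"aaa ssh uses group {group} but no aaa-server {group} host is configured")
    return findings

if __name__ == "__main__":
    for finding in audit_pix_ssh(SAMPLE_CONFIG):
        print("-", finding)
```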