Cisco Support Community
Community Member

Need to telnet to my Pix....

Tired of running back and forth. Is there a way to Telnet or SSH into a Pix from the internet? I'm sure there is, I just am not sure.

13 REPLIES
Cisco Employee

Re: Need to telnet to my Pix....

Lance,

You can't telnet from the internet to the outside IP address of the PIX.

But you can ssh. Get a freeware SSH client.

You need the following on the PIX configured before you try to ssh.

a. domain-name

b. cry ca gen rsa 1024

c. ssh 0.0.0.0 0.0.0.0

Lance, if you would like your PIX to be accessed only by you and you know the IP address you are coming from, please be specific on the ssh command when you insert the IP address.

Once you have these configured, make sure you have password configured as well.

passwd

Use the username "pix" and try to ssh.

Let me know how it goes.

Rate this post if it helps.

Cheers

Gilbert

Community Member

Re: Need to telnet to my Pix....

Sorry I get a:

"%Key pair with hostname CiscoPIX506e.srvfarm.com will be invalid"

When entering a domain name

and

CIERR: The number of parameters is wrong!

When entering the "cry ca gen rsa 1024" command.

I'm running a 6.3(4) ver

Cisco Employee

Re: Need to telnet to my Pix....

So - you already have a domain name configured. Don't worry about that.

The next command would be..

ca gen rsa key 1024

Sorry about that....

Try that out and let me know.

Thanks

Gilbert

Community Member

Re: Need to telnet to my Pix....

I have the following lines in aaa..

aaa-server LOCAL protocol local

aaa authentication ssh console RADIUS

I put the username and password in and it would show up with a login but wouldn't accept the password (and the password was correct) for the username that I put in.

I changed the "aaa authentication ssh console RADIUS" to LOCAL

That didn't seem to help; it just disconnects me now right when I start an SSH session from outside :/

Cisco Employee

Re: Need to telnet to my Pix....

Luis,

From the output that you provided, it should be

aaa authentication ssh console LOCAL

After the change, you said it disconnects... does it disconnect after you enter the password, or does it fail with the password?

Let me know.

Thanks

Gilbert

Community Member

Re: Need to telnet to my Pix....

Yeah when I changed it to

"aaa authentication ssh console LOCAL"

It just disconnects right when I click the putty login.

Before, it at least gave me a login prompt and then a password prompt; it just wouldn't accept the password for some reason.

Cisco Employee

Re: Need to telnet to my Pix....

Luis,

I just tested this on a PIX over here.

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

username test pass test123

And I can use the username test and password test123 to log in.

Please let me know.

Thanks

Gilbert

Community Member

Re: Need to telnet to my Pix....

Odd,

I have the following lines as well

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

And when I try to connect it just kills the connection. Should I restart the Pix or maybe rebuild some keys or something?

Cisco Employee

Re: Need to telnet to my Pix....

Run the following commands.

a. ca zero rsa

b. ca gen rsa key 512

Let me know.

Thanks

Gilbert

Community Member

Re: Need to telnet to my Pix....

When I do a "ca zero rsa" I get..

ERROR: incomplete or invalid option

Community Member

Re: Need to telnet to my Pix....

Hmm, I think my RSA key is hosed... and I have no clue how to make another one.

When I type in those previous commands it keeps thinking I'm trying to do a "Capture"

CiscoPIX506e# ca generate rsa key

ERROR: unknown option

usage: capture [access-list ]

[buffer ]

[ethernet-type ]

[interface ]

[packet-length ]

[circular-buffer]

How do I generate another RSA key if that's happening?

Cisco Employee

Re: Need to telnet to my Pix....

You need to be in config mode to do this change.

PIX#config t

PIX(config)# ca gen rsa key 512

Thanks

Gilbert

Community Member

Re: Need to telnet to my Pix....

Dear sir,

Do the work as follows.

Go to conf t mode

1. ca zeroize rsa

2. ca generate rsa key 2048

3. ca save all

ssh ip 255.255.255.255 outside

Now check it.

Regards,

cismcetpoy
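
The first reply notes that `ssh 0.0.0.0 0.0.0.0` admits any source address and recommends naming your own IP instead. As an added example (not part of the thread and not Cisco code), this Python check reads a PIX configuration and flags SSH permit rules that are open or broad, plus LOCAL SSH authentication with no `username` line. The sample config, the finding codes and the `min_prefix` threshold are assumptions made for the example.

```python
import ipaddress

# Constructed sample config for illustration; addresses are documentation ranges.
SAMPLE_CONFIG = """\
hostname CiscoPIX506e
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
ssh 0.0.0.0 0.0.0.0 outside
ssh 198.51.100.0 255.255.255.0 outside
ssh 203.0.113.10 255.255.255.255 outside
ssh timeout 5
"""

def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def audit_ssh_access(config_text, min_prefix=28):
    """Return (code, config_line) findings for SSH management access rules."""
    findings = []
    local_auth = has_user = False
    for line in config_text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "username":
            has_user = True
        elif tok[:4] == ["aaa", "authentication", "ssh", "console"]:
            local_auth = tok[4:5] == ["LOCAL"]
        elif tok[0] == "ssh" and len(tok) > 1 and _is_ipv4(tok[1]):
            # Assumption: an omitted netmask means a single host.
            mask = tok[2] if len(tok) > 2 and _is_ipv4(tok[2]) else "255.255.255.255"
            try:
                net = ipaddress.ip_network(f"{tok[1]}/{mask}", strict=False)
            except ValueError:
                findings.append(("SSH_BAD_MASK", line.strip()))
                continue
            if net.prefixlen == 0:  # any source address may connect
                findings.append(("SSH_ANY_SOURCE", line.strip()))
            elif net.prefixlen < min_prefix:  # wider than the chosen threshold
                findings.append(("SSH_BROAD_SOURCE", line.strip()))
    if local_auth and not has_user:
        findings.append(("LOCAL_AUTH_NO_USER", "aaa authentication ssh console LOCAL"))
    return findings

if __name__ == "__main__":
    for code, line in audit_ssh_access(SAMPLE_CONFIG):
        print(f"{code}: {line}")
```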
