topic Re: SSH & HTTPS issue on Firepower 4100 in Network Security

SSH & HTTPS issue on Firepower 4100

Jenny11 — Fri, 27 Aug 2021 10:25:07 GMT

Hello
I am facing an issue with SSH/HTTPS management access on a Firepower 4100. After un-boxing the device, I consoled in and ran through the initial setup. I assigned the IP, subnet, hostname, default gateway, and IP blocks on the interface. I am able to ping the chassis mgmt interface from a laptop on the same subnet. From my laptop, I use putty to SSH in, I get a response, but using the same credentials that work for console access, it says access denied. I can confirm that my IP is in the IP block list on the private subnet of: 10.200.1.x/24

When I attempt to access the 4100 via https, I get the login page, but my credentials that work for console access, do not work for web access:

The only network connectivity that I have to the appliance is to the chassis mgmt port. I simply want SSH and/or HTTPS access. I tried creating a 2nd admin user. I have the same issue with that account.

Is there something simple that I am missing to SSH/HTTPS into the chassis management port? I'm on version 2.4(1.101). I have followed the https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp4100/firepower-4100-gsg/chassis_setup/promokodik.net According to the doc, after the initial configuration, one should be able to SSH in to the appliance.

Re: SSH & HTTPS issue on Firepower 4100

Milos_Jovanovic — Fri, 27 Aug 2021 12:44:22 GMT

Hi @Jenny11,

This is a standard procedure, so everything you did looks fine to me. Yes, you should be able to authenticate with same account to SSH/Web/Console.

Try checking your users from console access with:

scope security

show local-user

show local-user user detail

Also, please check your authentication configuration:

scope security

show authentication

Third option could be to try and reduce your password complexity, and try with something simple (perhaps some special character is not parsing properly, or causing troubles).

scope security

set enforce-strong-password no

commit

set password

Finally, you are running really old FXOS version, so you should upgrade to more recent one (you might be hitting some bug from older releases).

BR,

Milos

Re: SSH & HTTPS issue on Firepower 4100

Marvin Rhoads — Sun, 29 Aug 2021 03:43:34 GMT

I've had issues with 4100 and 9300 series not liking the strong password I used ( I did NOT select enforce strong password during bootstrap) and thus blocking logon via ssh or FCM subsequent to bootstrapping via console.

My work around was to go back in and do the console-based password recovery procedure choosing a not quite so strong password. Then, once I was able to login via ssh, I was able to go back to the original strong password.