https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407924#M536234 <HTML><HEAD></HEAD><BODY><P>With my experiance, it's been that you're using DES (Putty defaults to 3DES I think). If you go to the ssh category in the Putty config you can move DES up above the "warn below here" line. Or the "ca save all" wasn't issued and you lost the key on reboot. It could be an accesslist somewhere else in the configuration also. Have you tried to capture the packets and see if they're in fact getting to the machine?</P><P></P></BODY></HTML> Thu, 30 Jun 2005 10:15:52 GMT david_leach 2005-06-30T10:15:52Z https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407920#M536221 <P>I have generated and saved a RSA Key and then set a ssh statement for my address.</P><P></P><P>Putty returns a connection refused statement. What have I missed?</P> Fri, 21 Feb 2020 08:14:03 GMT https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407920#M536221 john.graves 2020-02-21T08:14:03Z https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407921#M536223 <HTML><HEAD></HEAD><BODY><P>Did you save the CA with the "ca save all" command? If not, I would check to see if you have an ACL permitting the connection to the PIX. </P></BODY></HTML> Mon, 27 Jun 2005 18:06:27 GMT https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407921#M536223 jripkey 2005-06-27T18:06:27Z https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407922#M536226 <HTML><HEAD></HEAD><BODY><P>Most flavors of PIX IOS only support SSH version 1.</P><P></P><P>Try it as SSH version 1 with 3DES (or DES if that's all your license permits). </P><P></P><P>If you do a 'sh ver' it will give you your license restrictions. </P><P></P><P>Good Luck</P><P></P><P>Scott</P><P></P></BODY></HTML> Tue, 28 Jun 2005 01:47:45 GMT https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407922#M536226 scottmac 2005-06-28T01:47:45Z https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407923#M536231 <HTML><HEAD></HEAD><BODY><P>Just like the other reply mentioned, "ca save all" will save the RSA Key information, a "write memory" will not. Upon reboot, if this command wasn't specified, you will be unable to gain access with SSH. Also, if you change the domain name/host name of the device, this will also cause your SSH sessions to not work. The RSA Key is bound to your domain name you specify.</P></BODY></HTML> Wed, 29 Jun 2005 03:23:11 GMT https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407923#M536231 matt.austin 2005-06-29T03:23:11Z https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407924#M536234 <HTML><HEAD></HEAD><BODY><P>With my experiance, it's been that you're using DES (Putty defaults to 3DES I think). If you go to the ssh category in the Putty config you can move DES up above the "warn below here" line. Or the "ca save all" wasn't issued and you lost the key on reboot. It could be an accesslist somewhere else in the configuration also. Have you tried to capture the packets and see if they're in fact getting to the machine?</P><P></P></BODY></HTML> Thu, 30 Jun 2005 10:15:52 GMT https://community.cisco.com/t5/network-security/ssh-config-on-a-pix/m-p/407924#M536234 david_leach 2005-06-30T10:15:52Z