topic Cut-Through proxy and SSH in Network Security https://community.cisco.com/t5/network-security/cut-through-proxy-and-ssh/m-p/1565009#M624689 <P>Hi,</P><P></P><P>I am trying to get cut through proxy to authenticate SSH connectivity. If I use telnet, the firewall will proxy correctly and force local AAA authentication however, when using SSH, the connection is dropped with error :</P><P>processing uauth_error, session id: 2147483663, message: Must authenticate before using this service.</P><P></P><P>Why does the firewall not enforce AAA authentication when connecting using SSH rather than telnet??</P><P></P><P>Configured on ASA5510 SP - version 8.</P><P></P><P>Please assist?</P><P></P><P>Thanks!</P> Mon, 11 Mar 2019 18:47:47 GMT saronm 2019-03-11T18:47:47Z Cut-Through proxy and SSH https://community.cisco.com/t5/network-security/cut-through-proxy-and-ssh/m-p/1565009#M624689 <P>Hi,</P><P></P><P>I am trying to get cut through proxy to authenticate SSH connectivity. If I use telnet, the firewall will proxy correctly and force local AAA authentication however, when using SSH, the connection is dropped with error :</P><P>processing uauth_error, session id: 2147483663, message: Must authenticate before using this service.</P><P></P><P>Why does the firewall not enforce AAA authentication when connecting using SSH rather than telnet??</P><P></P><P>Configured on ASA5510 SP - version 8.</P><P></P><P>Please assist?</P><P></P><P>Thanks!</P> Mon, 11 Mar 2019 18:47:47 GMT https://community.cisco.com/t5/network-security/cut-through-proxy-and-ssh/m-p/1565009#M624689 saronm 2019-03-11T18:47:47Z Re: Cut-Through proxy and SSH https://community.cisco.com/t5/network-security/cut-through-proxy-and-ssh/m-p/1565010#M624699 <HTML><HEAD></HEAD><BODY><P>Saron,</P><P></P><P>On ASA you cannot use SSH to authenticate for CTP.</P><P></P><P>Supported authentication protocols:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_fwaaa.html#wp1061184">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_fwaaa.html#wp1061184</A></P><P></P><P>We'd need to somehow do a man in the middle attach on SSH flows to make CTP work with SSH.</P><P></P><P></P><P>Hope this helps,</P><P>Marcin</P></BODY></HTML> Thu, 30 Sep 2010 16:32:45 GMT https://community.cisco.com/t5/network-security/cut-through-proxy-and-ssh/m-p/1565010#M624699 Marcin Latosiewicz 2010-09-30T16:32:45Z