topic Re: Configure SSH2 on Cisco ASA? in Network Security

Configure SSH2 on Cisco ASA?

whiteford — Mon, 11 Mar 2019 12:08:06 GMT

Hi, on my ASA I have added the following for SSH2, but what do I need to do next?

ip domain name domain.com

IP SSH version 2

crypto key generate rsa

When I log it says it needs a username and password. I have a level 15 username and password that I use for the ASDM should this work as it does'nt or do I need to do something else?

Thanks

Re: Configure SSH2 on Cisco ASA?

rajbhatt — Mon, 25 Feb 2008 10:50:34 GMT

Hi,

For ssh access

crypto key gen rsa 1024

ssh ip addrress x.x.x.x 255.255.255.255 inside

If u have not configured AAA then default username would be pix and the first(telnet) password will be cisco

Enable password by default is blank

Else configure the username and password for AAA

raj

Re: Configure SSH2 on Cisco ASA?

alanajjar — Mon, 25 Feb 2008 11:07:06 GMT

Hi,

correct. also you can use local authentication to authenticate ssh, by using

aaa authentication ssh default LOCAL

then define username and password locally on the ASA, and use them for ssh authentication.

Re: Configure SSH2 on Cisco ASA?

whiteford — Mon, 25 Feb 2008 11:19:26 GMT

Hi,

crypto key gen rsa 1024 doesn't work but crypto key gen rsa does, how do I choose 1024?

I know crypto key gen rsa 1024 works on routers though

Re: Configure SSH2 on Cisco ASA?

whiteford — Mon, 25 Feb 2008 11:23:18 GMT

Hi,

When I type:

aaa authentication ssh default LOCAL it does like "defult" if I type:

aaa authentication ssh console LOCAL

It says the group local doesn't exist?

Re: Configure SSH2 on Cisco ASA?

alanajjar — Mon, 25 Feb 2008 12:25:45 GMT

Hi,

use the command

aaa authentication ssh console LOCAL

the LOCAL word must be upper case letters. this group is defined on the ASA by default, there should by a command like this in the ASA :

aaa server LOCAL protocol local

regards

Re: Configure SSH2 on Cisco ASA?

whiteford — Mon, 25 Feb 2008 13:56:18 GMT

Hi, this worked!

1.) aaa authentication ssh console LOCAL

I just used the same username and password I use for the ASDM and I got in to the CLI.

But

aaa server LOCAL protocol local

Doesn't appear, all I see is:

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server RADIUS host server1

key 1234

aaa-server RADIUS host server2

key 1234

2.) Is the crypto key automoatically using 1024 as I didn't let me add that after the rsa.

3.) should the keys be encrypted? key 1234 is in clear text.

Thanks

Re: Configure SSH2 on Cisco ASA?

alanajjar — Tue, 26 Feb 2008 06:19:35 GMT

Hi,

Good news to hear its workrd.

1) regarding local authentication its enabled by default, dont worry about that command.

2) if you generate rsa key without specifing its size, the default size is 1024. You can specify other modulus sizes by using modulus keyword :

crypto key generate rsa modulus modulus_size

3) the key in this command cannot be encrypted

regards

Re: Configure SSH2 on Cisco ASA?

alanajjar — Fri, 29 Feb 2008 17:21:07 GMT

Hi,

Please rate if this solve the problem!!

regards

Re: Configure SSH2 on Cisco ASA?

onlyabhishek007 — Fri, 07 Mar 2008 08:33:08 GMT

when u use the ssh from the inside or outside then it ask the username if u did not configure the username then pix is the user name and passwd command provide the password for the authentication.