topic Re: Pix 506e with ssh in Network Security

Pix 506e with ssh

robertho_ramirez — Mon, 11 Mar 2019 11:55:39 GMT

How can I configure the ssh access on pix 506e?

Re: Pix 506e with ssh

Alejandro Cortes Rivera — Tue, 29 Jan 2008 21:26:35 GMT

Use this configuration:

pix506e(config)# ca zeroize rsa --- erase actual key

pix506e(config)# ca save all -- save changes

pix506e(config)# domain-name ciscopix.com --creates new key

pix506e(config)# ca generate rsa key 1024

For >= 1024, key generation could

take up to several minutes. Please wait.

Keypair generation process begin.

.Success.

pix506e(config)# ca save all -- save new changes

Re: Pix 506e with ssh

robertho_ramirez — Tue, 29 Jan 2008 21:28:32 GMT

and how apply this?

Re: Pix 506e with ssh

Alejandro Cortes Rivera — Tue, 29 Jan 2008 21:38:17 GMT

in the configure mode:

pix(config)#ssh x.x.x.x x.x.x.x outiside --- specify the interface by what you are access.

ssh ip address --- netmask ---- interface

Re: Pix 506e with ssh

ajagadee — Tue, 29 Jan 2008 21:38:52 GMT

You dont have to apply it anywhere. After you configure the commands posted in the above message, you have to configure the pix to allow what IP Addresses can access to which interface using SSH.

Example 1: The below command will allow all IP Addresses on the outside to access the pix via SSH.

ssh 0.0.0.0 0.0.0.0 outside

Example 2: The below command will allow all 10.1.1.0/24 Addresses on the inside to access the pix via SSH.

ssh 10.1.1.0 255.255.255.0 inside

Regards,

Arul

** Please rate all helpful posts **

Re: Pix 506e with ssh

noeminieto — Sat, 08 Mar 2008 18:21:52 GMT

I was able to connect to my PIX 506e using SSH Secure Shell, but now I cannot. I get an error message saying "Connection closed by remote host? We have made no changes to the pix, all the sudden it quit working.

Do I need to regenerate the the rsa key? Or what should I do?

I am new on managing PIXes.

Re: Pix 506e with ssh

mkkeyan — Mon, 10 Mar 2008 07:06:32 GMT

ssh timeout 10

issue this command in config mode

Re: Pix 506e with ssh

noeminieto — Mon, 10 Mar 2008 18:27:40 GMT

Thanks for the response. I changed from the existing 5 to 10 and then to 30.

Now my PIX 501e is doing the same thing.

It is still not working. What else can I do?

Thanks,

Noemi

Re: Pix 506e with ssh

mkkeyan — Tue, 11 Mar 2008 14:50:43 GMT

!The two commands below are used to define the PIX's host name and domain name.

!This is necessary because the RSA keys used for encryption and decryption are

!named using these parameters and also are bound to the PIX via these parameters.

hostname pix123

domain-name test.com

!The command below is used to generate a 1024-bit RSA public/private key pair to

!be used for encryption and decryption.

ca generate rsa key 1024

!The command below is used to save the keys generated to Flash memory.

ca save all

!The commands below are used to tell the PIX to accept SSH connections on its

!outside interface and to set the idle timeout for SSH sessions to 15 minutes.

ssh 10.1.1.1 255.255.255.255 outside

ssh timeout 7

!Furthermore, the PIX can be set up to do authentication for the SSH users

!connecting to it. The following command defines the AAA server group, ssh123, to

!use for authentication. The AAA server address, 10.1.1.200, and the key to

!authenticate to it, mysecure, are also defined.

aaa-server ssh123 (inside) host 10.1.1.200 mysecure

!The following command binds the AAA server group to the protocol TACACS+.

aaa-server ssh123 protocol tacacs+

!The following command is used to tell the PIX box to do authentication for the

!SSH users using the AAA server group, ssh123, defined above.

aaa authenticate ssh console ssh123