Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12155
Views
8
Helpful
4
Replies

SSH access authentication failed.

servnj
Level 1
Level 1

‎01-30-2009 12:50 PM - edited ‎03-11-2019 07:44 AM

I have an asa5505 Ver 7.2(4)that I am trying to get a SSH connection with SecureCRT but I keep getting Password Authentication failed. This is what I have entered.

ssh 192.168.0.0 255.255.0.0 inside

ssh version 2

username Name password Password

crypto key generate rsa

I am connecting from 192.168.80.0 subnet and the ASA is in 192.168.20.0 subnet

This is the debug SSH

firewall# debug ssh

debug ssh enabled at level 1

firewall# Device ssh opened successfully.

SSH0: SSH client: IP = '192.168.80.120' interface # = 1

SSH: host key initialised

SSH0: starting SSH control process

SSH0: Exchanging versions - SSH-2.0-Cisco-1.25

SSH0: send SSH message: outdata is NULL

server version string:SSH-2.0-Cisco-1.25SSH0: receive SSH message: 83 (83)

SSH0: client version is - SSH-2.0-SecureCRT_6.1.3 (build 423) SecureCRT

client version string:SSH-2.0-SecureCRT_6.1.3 (build 423) SecureCRTSSH0: begin server key generation

SSH0: complete server key generation, elapsed time = 2310 ms

SSH2 0: SSH2_MSG_KEXINIT sent

SSH2 0: SSH2_MSG_KEXINIT received

SSH2: kex: client->server aes256-cbc hmac-sha1 none

SSH2: kex: server->client aes256-cbc hmac-sha1 none

SSH2 0: expecting SSH2_MSG_KEXDH_INIT

SSH2 0: SSH2_MSG_KEXDH_INIT received

SSH2 0: signature length 143

SSH2: kex_derive_keys complete

SSH2 0: newkeys: mode 1

SSH2 0: SSH2_MSG_NEWKEYS sent

SSH2 0: waiting for SSH2_MSG_NEWKEYS

SSH2 0: newkeys: mode 0

SSH2 0: SSH2_MSG_NEWKEYS receivedSSH(Serv): user authen method is 'no AAA', aaa server group ID = 0

SSH(Serv): user authen method is 'no AAA', aaa server group ID = 0

SSH2 0: authentication failed for Name

Labels:
0 Helpful
4 Replies 4

srue
Level 7
Level 7

‎01-30-2009 01:09 PM

set ssh authentication to LOCAL.

or use default username (pix?) with default password.

0 Helpful

servnj
Level 1
Level 1
In response to srue

‎02-04-2009 11:32 AM

I was able to SSH using pix and the user access mode password. How do I change the default username PIX?

Thanks

brian.warner
Level 1
Level 1
In response to servnj

‎04-18-2013 07:13 AM

Enter this command aaa new-model

The aaa new-model command causes the local username and password on the router to be used in the absence of other AAA statements.

Or enter login local on the config of the line vty 0 15

Matt Wilson
Level 1
Level 1
In response to brian.warner

‎04-23-2019 08:38 PM - edited ‎04-23-2019 08:39 PM

Try adding:

aaa authentication ssh console LOCAL

into your config. This assumes you are not using some exterior form of authentication.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card