
SSH local database username and password not working

sstepun
Level 1

I have a weird issue. I recently set up an ASA 5510 and had SSH working. To make it easier on my VPN users, I then decided I wanted to set up a Windows 2008 Network Policy Server for RADIUS authentication. Ever since I added the RADIUS part to aaa authentication, when I use SSH to connect to the ASA it will not take the local username and password I have set up. I can, however, get in using a domain username and password. Below is the SSH and AAA configuration. Am I missing something here? The username and password in the ASA are not on the domain, and it's like the ASA is not even trying LOCAL when it tries to authenticate. I want it to use the local username and password if possible. I'm kind of new to ASAs.

On another note, I have never been able to SSH in on the internal interface. I always get a "The remote system refused the connection" error message. I can only use the outside interface.

Site-ASA# sh run | in ssh

aaa authentication ssh console SERVER_RADIUS LOCAL

ssh 0.0.0.0 0.0.0.0 outside

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 60

ssh version 2

Site-ASA# sh run | in aaa

aaa-server SERVER_RADIUS protocol radius

aaa-server SERVER_RADIUS (inside) host 10.0.0.6

aaa authentication ssh console SERVER_RADIUS LOCAL

aaa authentication http console SERVER_RADIUS LOCAL

Site-ASA#

If there is any other config that would help, I would be more than happy to display it.

Thanks!

Accepted Solutions

tonythacheth
Level 1

Hi

Try:

aaa authentication ssh console LOCAL SERVER_RADIUS

Because if RADIUS is reachable, the device will not check the local users.


Thanks for the reply. I was just coming in to update this because you are exactly correct. For some reason I kept thinking that if the authentication failed via RADIUS it would use local which is not the case.

Problem (or no problem) resolved.
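
Added example (not part of the original thread, and not Cisco code): a small Python model of the fallback rule the thread settles on, plus a check that lists which services in a pasted `aaa authentication` config will refuse local-only accounts while the RADIUS server is reachable. The sample config is constructed from the question's output; the user names, passwords and function names are hypothetical, and treating every method that answers as final is an assumption generalised from the thread.

```python
import re

# Constructed sample, mirroring the "sh run | in aaa" output in the question.
RUNNING_CONFIG = """\
aaa-server SERVER_RADIUS protocol radius
aaa-server SERVER_RADIUS (inside) host 10.0.0.6
aaa authentication ssh console SERVER_RADIUS LOCAL
aaa authentication http console SERVER_RADIUS LOCAL
"""

AAA_LINE = re.compile(r"^aaa authentication (\S+) console (.+)$")


def parse_method_lists(config):
    """Return {service: [method, ...]} for every console authentication line."""
    lists = {}
    for line in config.splitlines():
        m = AAA_LINE.match(line.strip())
        if m:
            lists[m.group(1)] = m.group(2).split()
    return lists


def authenticate(methods, user, password, local_db, server_db, server_up):
    """Simplified model of the fallback rule described in the thread.

    Assumption: a method that answers (accept or reject) gives the final
    verdict; a server group is skipped only when it is unreachable.
    Returns (verdict, method_that_decided).
    """
    for method in methods:
        if method == "LOCAL":  # the local database always answers
            return local_db.get(user) == password, "LOCAL"
        if server_up:  # reachable server: a reject does NOT fall back
            return server_db.get(user) == password, method
        # server unreachable: fall through to the next method in the list
    return False, None


def local_only_lockouts(config):
    """Services where a local-only account is refused while the server is up."""
    return sorted(svc for svc, methods in parse_method_lists(config).items()
                  if methods and methods[0] != "LOCAL" and "LOCAL" in methods)
```

With the question's configuration, `local_only_lockouts(RUNNING_CONFIG)` reports both `http` and `ssh`, which matches the symptom: the local account is only consulted when 10.0.0.6 does not answer.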