ASA 5505 ssh access question

yliu000011
Level 1

Hi,

Currently any IP address can SSH to the outside interface of my ASA 5505 firewall. What should I do so that only certain IPs can? What's the command to see the current SSH management access rule?

Thanks.

Ye 

johnlloyd_13
Level 9

Hi,

Try issuing a show run ssh.

You can restrict access by using the ssh command, such as below:

ssh <IP SUBNET> <SUBNET MASK> <INTERFACE>

ssh 1.1.1.0 255.255.255.0 outside

OR

ssh 1.1.1.50 255.255.255.255 outside

I tried this and got an error. Please help.

CL-T179-12IH# ssh 162.221.204.59 255.255.255.255 outside
                                 ^
ERROR: % Invalid input detected at '^' marker.

Also, when I do "show run ssh" I see the line below. How do I remove it?

ssh 0.0.0.0 0.0.0.0 outside

Thanks.

Ye

Hi,

You should be in global config mode in order to add the SSH line:

CL-T179-12IH# conf t

CL-T179-12IH(config)# ssh 162.221.204.59 255.255.255.255 outside

Put a 'no' in front in order to negate a line, and issue a write memory to save your config.

CL-T179-12IH(config)# no ssh 0.0.0.0 0.0.0.0 outside

Thanks a lot.

Ye

After hours of googling how to allow only 1 IP for SSH access on an ASA firewall in Packet Tracer, you saved my life!!

CL-T179-12IH(config)# ssh 162.221.204.59 255.255.255.255 outside >> This worked for me! But why do we have to put such a mask? 255.255.255.255, I am a bit wondering.

Thank you.

Hi,

All 255 (255.255.255.255) is a host subnet mask.

It's a /32 in CIDR notation.
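
An added example, not part of the thread: a Python check that parses `show run ssh` output, flags entries on the outside interface that are broader than a chosen prefix length (such as `0.0.0.0 0.0.0.0`), and builds the config-mode commands discussed above. The sample output, the function names and the /24 threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `show run ssh` output (not from a real device).
SAMPLE_SHOW_RUN_SSH = """\
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh 162.221.204.59 255.255.255.255 outside
ssh timeout 5
ssh version 2
"""

def parse_ssh_rules(text):
    """Return (network, interface) for each 'ssh <ip> <mask> <interface>' line."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "ssh":
            continue  # skips settings such as 'ssh timeout 5'
        try:
            # A dotted mask is accepted: 255.255.255.255 becomes /32, 0.0.0.0 becomes /0.
            net = ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}", strict=False)
        except ValueError:
            continue  # not an IPv4 address/mask pair
        rules.append((net, parts[3]))
    return rules

def audit(text, min_prefixlen=24, untrusted=("outside",)):
    """Flag rules on untrusted interfaces that are broader than min_prefixlen (assumed policy)."""
    return [(net, iface) for net, iface in parse_ssh_rules(text)
            if iface in untrusted and net.prefixlen < min_prefixlen]

def remediation(findings, admin_host):
    """Config-mode commands: add the host entry first, then remove the broad ones."""
    if not findings:
        return []
    cmds = []
    for iface in sorted({iface for _, iface in findings}):
        cmds.append(f"ssh {admin_host} 255.255.255.255 {iface}")
    for net, iface in findings:
        cmds.append(f"no ssh {net.network_address} {net.netmask} {iface}")
    return cmds + ["write memory"]

if __name__ == "__main__":
    for net, iface in audit(SAMPLE_SHOW_RUN_SSH):
        print(f"too broad: {net} on {iface}")
    print("\n".join(remediation(audit(SAMPLE_SHOW_RUN_SSH), "162.221.204.59")))
```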
