Hello
ASA 9.20 release (on FPR2100 device). I had a TAC case about TACACS+ Remote Address = 0.0.0.0 in certain Authentication Requests (when using public key auth, and also in Authorization requests) - the TAC told me to "no ssh stack ciscossh" - that fixed the TACACS+ Remote Address issue (it's populated correctly in this mode). I wasn't aware of the "proprietary SSH stack" until now.
Anyone know what the downsides are of running this SSH stack vs the CiscoSSH? I don't need FIPS compliance. I am more concerned about the TACACS+ Remote Address working.
I can't be sure, but it sounds like CiscoSSH is updated more regularly (due to the OpenSSH link) - but does that mean the other stack is not maintained? Cisco docs don't explain that well. And then the obvious question: has any pen testing been done to compare the two stacks and how they compare?