Can't connect to Firepower with SSH

Kepler · ‎02-08-2023

Hi guys,

I have FCM with 2 clusters of FPR (active-standby) you can see on the screen:

I am not able to connect with SSH. I Tried connecting with SSH (putty) to all four IP addresses: (192.168.5.38, 192.168.5.34, 192.168.5.37, 192.168.5.33), but without success. also, I can't telnet to port 22. (on event-viewer i find nothing)

I already make an access rule for connecting with SSH and the web (HTTPS);
Also, I already add my IP address here:

P.S. Web works, but SSH not works.

So can you tell me please maybe somewhere else I must add my IP for SSH access?

thank you.

Marvin Rhoads · ‎02-08-2023

From the FMC Advanced Troubleshooting menu for the device, use the FTD cli menu show option and verify the ssh-access-list. Here's what it looks like from cli of a working device:

> show ssh-access-list
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp anywhere anywhere state NEW tcp dpt:ssh
>

Marius Gunnerud · ‎02-08-2023

By default there is no restriction for access to the management interface on the FTDs. Are you sure that you have connectivity to those IPs? If you allow ping in the firewall from your source PC's IP to the management interface IPs, if they are on different networks, are you able to ping them?

By the way the first image you posted about the Access list, that is for access to the FMC and not to the FTDs.

--
Please remember to select a correct answer and rate helpful posts