Re: connecting remotly to PIX by SSH

lebda · ‎08-30-2003

Hi,

How I can connect remotly to PIX by SSH protocol, I mean what is the commands I should put it on PIX, and what is the setting for client SSH software(what is the prfered one,from where i can get it).

Thanks for help

scoclayton · ‎08-30-2003

Hi,

It is fairly straightforward. You first need to create the RSA key on the PIX using the following command:

ca generate rsa key

can be either 512, 768, 1024, or 2048

Then you need to explicitly permit your work-station to open an SSH connection to the PIX. To do this, use the following command:

ssh

For instance, 'ssh 1.1.1.1 255.255.255.255 outside' would allow the 1.1.1.1 host to conenct via SSH from the outside. You can also change the SSH idle timeout if you want using the following command:

ssh timeout

I always set this to 60 because I hate my SSH sessions timing out.

As for the client piece, and SSH client should work. From a windows platform, the easiest to use is probably PuTTY (and it is free). The default username (unless you have AAA setup) is pix and the SSH password is your telnet password. From here, just proceed as you do with telnet.

Good luck.

Scott

mostiguy · ‎08-30-2003

You will need to define the pix hostname first before you use the ca generate command.

Also, if you do the ca generate command, and use a keylength of 1024 or 2048, and then use PDM, PDM will wipe it out, and create a 768 bit key, which will cause most ssh clients to then complain that the key is not what is expected, and that security might be breached. This can be disregarded in this instance because of PDM's quirky behaviour