
Cut-Through proxy and SSH

saronm
Level 1

Hi,

I am trying to get cut-through proxy to authenticate SSH connectivity. If I use telnet, the firewall will proxy correctly and force local AAA authentication; however, when using SSH, the connection is dropped with the error:

processing uauth_error, session id: 2147483663, message: Must authenticate before using this service.

Why does the firewall not enforce AAA authentication when connecting using SSH rather than telnet?

Configured on ASA5510 SP - version 8.

Please assist?

Thanks!


Marcin Latosiewicz
Cisco Employee

Saron,

On ASA you cannot use SSH to authenticate for CTP.

Supported authentication protocols:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_fwaaa.html#wp1061184

We'd need to somehow do a man-in-the-middle attack on SSH flows to make CTP work with SSH.

Hope this helps,

Marcin
