03-05-2011 10:49 AM - edited 03-11-2019 01:01 PM
Just wanted to know if someone could show me step-by-step how to configure SSH access on my PIX 506e. I would like to use local authentication with no AAA server. Also I would like to have telnet disabled completely. Thank you.
Thomas
03-05-2011 10:53 AM
Hi Thomas,
Telnet is not possible to the outside interface of the PIX (only via a tunnel).
To configure SSH follow these steps:
1. Configure a name (hostname mypix)
2. Configure a domain-name (domain-name myname.com)
3. Generate RSA keys (crypto ca generate rsa)
4. Enable SSH (ssh 0 0 outside)
You can tune timers and restrictions, but for SSH to work you can do the above.
If there's no command:
telnet 0 0 inside or equivalent, then the PIX won't accept telnet connections.
Hope it helps.
Federico.
03-05-2011 07:17 PM
Thank you, Federico. I was wondering about setting up AAA for authentication and also configuring the IP addresses allowed to SSH into the PIX.
Thank you,
Thomas
03-05-2011 08:16 PM
You're right... for example to use AAA with local authentication you do:
aaa authentication ssh console LOCAL
And let's say that you only want the network 1.1.1.0/24 to be able to SSH to the outside interface, you do:
ssh 1.1.1.0 255.255.255.0 outside
Hope it helps.
Federico.
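An added example, not part of the original thread: a small Python check that reads a saved PIX configuration and reports the three conditions discussed above (any telnet permit line, SSH open to every source as with "ssh 0 0 outside", and SSH enabled without "aaa authentication ssh console LOCAL"). The function name audit and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the poster's device).
SAMPLE_CONFIG = """\
hostname mypix
domain-name myname.com
aaa authentication ssh console LOCAL
telnet 0 0 inside
ssh 0 0 outside
ssh 1.1.1.0 255.255.255.0 outside
"""

# Matches "<ssh|telnet> <address> <mask> <interface>" permit lines only.
ACCESS_RE = re.compile(r"^(ssh|telnet)\s+(\S+)\s+(\S+)\s+(\S+)$")
LOCAL_AUTH = "aaa authentication ssh console LOCAL"


def _network(addr, mask):
    """Build a network object; "0" is the shorthand for 0.0.0.0 used in the thread."""
    addr = "0.0.0.0" if addr == "0" else addr
    mask = "0.0.0.0" if mask == "0" else mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def audit(config):
    """Return a list of findings for the management-access lines in config."""
    findings = []
    ssh_enabled = False
    local_auth = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == LOCAL_AUTH:
            local_auth = True
        match = ACCESS_RE.match(line)
        if not match:
            continue
        proto, addr, mask, iface = match.groups()
        try:
            net = _network(addr, mask)
        except ValueError:
            continue  # four-token line that is not an address/mask permit
        if proto == "telnet":
            findings.append(f"telnet allowed from {net} on {iface}")
        else:
            ssh_enabled = True
            if net.prefixlen == 0:
                findings.append(f"ssh open to any source on {iface}")
    if ssh_enabled and not local_auth:
        findings.append(f"ssh enabled without '{LOCAL_AUTH}'")
    return findings
```
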