cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2649
Views
5
Helpful
10
Replies
Beginner

Not being able to have the ssh session from remote office in putty

I have cisco ASA and i configured the ASA to have remote connection from remote office as well. 

I used the command ssh 0.0.0.0 0.0.0.0 outside where outside is my outside interface in ASA.

But, whenever i try to access the ASA from putty, i get this error "server unexpectedly closed network connection".

What can be done to solve this error and get the cli access of my ASA. 

In the same way, i did for my GUI access in the ASA using command 

http 0.0.0.0 0.0.0.0 outside and i have the ASDM acess which is running fine but not the ssh.

Do i need to open the ssh ports by using static nat and access list? Even the port checker tool tells that my 22 port is open.

Please help. Thank you for your input.

Everyone's tags (3)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Cisco Employee

Hi Diwakar,

Hi Diwakar,

Did you generate the crypto key ?

cry key gen rsa mod 1024

Regards,

Aditya

Please rate helpful posts and mark correct answers.

View solution in original post

Highlighted
VIP Advocate

Have you configured a locally

Have you configured a locally defined usernme / password or are you using a RADIUS server?

also have you configured

aaa authentication ssh console LOCAL    (tells the ASA to use the local username database)

aaa authentication enable console LOCAL    (tells the ASA to use the same password for enable that is used for the user account.) though this is not needed if you have configured the enable password.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

10 REPLIES 10
Highlighted
Cisco Employee

Hi Diwakar,

Hi Diwakar,

Did you generate the crypto key ?

cry key gen rsa mod 1024

Regards,

Aditya

Please rate helpful posts and mark correct answers.

View solution in original post

Highlighted
VIP Mentor

cry key gen rsa mod 1024

cry key gen rsa mod 1024

It's 2016, please do not suggest 1024 bit keys any more!

Highlighted
Beginner

Hello there,

Hello there,

I have not generated the crypto key

so what would be the command like? Do i need any other commands apart form this one?

                                                                    Is it "ssh 0.0.0.0 0.0.0.0 outside "

and "cry key gen rsa mod 1024"

Highlighted
Cisco Employee

Hi Diwakar,

Hi Diwakar,

It should be fine.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Highlighted
Beginner

Hi Aditya thank you for your

Hi Aditya thank you for your response.

I ran the following commands and got the ssh access as well but now the user name and password is incorrect. I have not set any password for ssh and with the same password i can access ASDM. What could be the issue?

Highlighted
VIP Advocate

Have you configured a locally

Have you configured a locally defined usernme / password or are you using a RADIUS server?

also have you configured

aaa authentication ssh console LOCAL    (tells the ASA to use the local username database)

aaa authentication enable console LOCAL    (tells the ASA to use the same password for enable that is used for the user account.) though this is not needed if you have configured the enable password.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Highlighted
Beginner

Hi Marius,

Hi Marius,

I don't have the RADIUS server and i have not created more than one user/password.

Do you mean that using this command aaa authentication ssh console LOCAL will help me to have the same username / password for ssh access as well? 

Highlighted
VIP Advocate

if you intent to use a

if you intent to use a locally defined username / password you need to have the aaa authentication ssh console LOCAL command.  Otherwise you would need to define the passwd <password> and use pix as the username.  But don't do that as it might be confusing if you don't quite understand it.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
Highlighted
VIP Mentor

Luckily, the pix/asa default

Luckily, the pix/asa default username is gone a long time ago.

Highlighted
VIP Advocate

That depends on the version

That depends on the version you are running :-)

Unfortunately there are still quite a few companies out there running 8.2.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts