Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8896
Views
5
Helpful
10
Replies

Not being able to have the ssh session from remote office in putty

Go to solution
diwakar410
Level 1
Level 1

‎05-31-2016 02:53 AM - edited ‎03-12-2019 12:49 AM

I have cisco ASA and i configured the ASA to have remote connection from remote office as well. 

I used the command ssh 0.0.0.0 0.0.0.0 outside where outside is my outside interface in ASA.

But, whenever i try to access the ASA from putty, i get this error "server unexpectedly closed network connection".

What can be done to solve this error and get the cli access of my ASA. 

In the same way, i did for my GUI access in the ASA using command 

http 0.0.0.0 0.0.0.0 outside and i have the ASDM acess which is running fine but not the ssh.

Do i need to open the ssh ports by using static nat and access list? Even the port checker tool tells that my 22 port is open.

Please help. Thank you for your input.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee

‎05-31-2016 04:01 AM

Hi Diwakar,

Did you generate the crypto key ?

cry key gen rsa mod 1024

Regards,

Aditya

Please rate helpful posts and mark correct answers.

View solution in original post

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to diwakar410

‎06-01-2016 02:32 AM

Have you configured a locally defined usernme / password or are you using a RADIUS server?

also have you configured

aaa authentication ssh console LOCAL    (tells the ASA to use the local username database)

aaa authentication enable console LOCAL    (tells the ASA to use the same password for enable that is used for the user account.) though this is not needed if you have configured the enable password.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee

‎05-31-2016 04:01 AM

Hi Diwakar,

Did you generate the crypto key ?

cry key gen rsa mod 1024

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Aditya Ganjoo

‎05-31-2016 04:28 AM

cry key gen rsa mod 1024

It's 2016, please do not suggest 1024 bit keys any more!

0 Helpful

Go to solution
diwakar410
Level 1
Level 1
In response to Karsten Iwen

‎05-31-2016 09:16 PM

Hello there,

I have not generated the crypto key

so what would be the command like? Do i need any other commands apart form this one?

                                                                    Is it "ssh 0.0.0.0 0.0.0.0 outside "

and "cry key gen rsa mod 1024"

0 Helpful

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to diwakar410

‎06-01-2016 12:57 AM

Hi Diwakar,

It should be fine.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful

Go to solution
diwakar410
Level 1
Level 1
In response to Aditya Ganjoo

‎06-01-2016 01:47 AM

Hi Aditya thank you for your response.

I ran the following commands and got the ssh access as well but now the user name and password is incorrect. I have not set any password for ssh and with the same password i can access ASDM. What could be the issue?

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to diwakar410

‎06-01-2016 02:32 AM

Have you configured a locally defined usernme / password or are you using a RADIUS server?

also have you configured

aaa authentication ssh console LOCAL    (tells the ASA to use the local username database)

aaa authentication enable console LOCAL    (tells the ASA to use the same password for enable that is used for the user account.) though this is not needed if you have configured the enable password.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
diwakar410
Level 1
Level 1
In response to Marius Gunnerud

‎06-01-2016 02:53 AM

Hi Marius,

I don't have the RADIUS server and i have not created more than one user/password.

Do you mean that using this command aaa authentication ssh console LOCAL will help me to have the same username / password for ssh access as well? 

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to diwakar410

‎06-04-2016 03:36 AM

if you intent to use a locally defined username / password you need to have the aaa authentication ssh console LOCAL command.  Otherwise you would need to define the passwd <password> and use pix as the username.  But don't do that as it might be confusing if you don't quite understand it.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Go to solution
Karsten Iwen
VIP
VIP
In response to Marius Gunnerud

‎06-04-2016 03:49 AM

Luckily, the pix/asa default username is gone a long time ago.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Karsten Iwen

‎06-04-2016 03:51 AM

That depends on the version you are running :-)

Unfortunately there are still quite a few companies out there running 8.2.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card