Solved: Passwordless SSH to Cisco ASA

majid3612 · ‎06-26-2020

I want to run a command (VPN report) 2 times per day at specific hours. I have to use cronjob in a PC to connect to ASA through SSH (or Putty). However, I cannot connect to ASA without password and I don't know how I can manage it in order to connect to it securely with password (there is also a password to go to EXEC mode). Can you please help me?

Marvin Rhoads · ‎06-26-2020

You can setup an EEM script on the ASA to run the report and then email the results (or copy them to an ftp/tftp/smb target).

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117883-config-eem-00.html#anc0

View solution in original post

Marvin Rhoads · ‎06-26-2020

You can setup an EEM script on the ASA to run the report and then email the results (or copy them to an ftp/tftp/smb target).

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117883-config-eem-00.html#anc0

majid3612 · ‎06-26-2020

I appreciate your great response. I found it very interesting. However, there is a minor issue with the CLI command. I use "show vpn-sessiondb anyconnect filter p-ipversion v4 | redirect tftp://192.168.1.53" using rotate 100 as my desired command but no file is created in ftp location. I want to have different files with their corresponding timestamps. What should I check?

Marvin Rhoads · ‎06-27-2020

tftp typically cannot write a file that doesn't exist on the target system. Can you use ftp instead? Then have a script on the target system that moves the files from the target directory and renames them with a unique timestamp.

majid3612 · ‎06-27-2020

awesome! I could manage it successfully. Thanks Marvin!