01-29-2008 01:24 PM - edited 03-11-2019 04:55 AM
How can I configure the ssh access on pix 506e?
01-29-2008 01:26 PM
Use this configuration:
pix506e(config)# ca zeroize rsa --- erase the current key
pix506e(config)# ca save all --- save changes
pix506e(config)# domain-name ciscopix.com
pix506e(config)# ca generate rsa key 1024 --- creates the new key
For
take up to several minutes. Please wait.
Keypair generation process begin.
.Success.
pix506e(config)# ca save all --- save new changes
01-29-2008 01:28 PM
And how do I apply this?
01-29-2008 01:38 PM
In configuration mode:
pix(config)# ssh x.x.x.x x.x.x.x outside --- specify the interface through which you are accessing the PIX.
ssh ip address --- netmask --- interface
01-29-2008 01:38 PM
You don't have to apply it anywhere. After you configure the commands posted in the above message, you have to configure the PIX to specify which IP addresses can access which interface using SSH.
Example 1: The command below will allow all IP addresses on the outside to access the PIX via SSH.
ssh 0.0.0.0 0.0.0.0 outside
Example 2: The command below will allow all 10.1.1.0/24 addresses on the inside to access the PIX via SSH.
ssh 10.1.1.0 255.255.255.0 inside
Regards,
Arul
** Please rate all helpful posts **
03-08-2008 10:21 AM
I was able to connect to my PIX 506e using SSH Secure Shell, but now I cannot. I get an error message saying "Connection closed by remote host". We have made no changes to the PIX; all of a sudden it quit working.
Do I need to regenerate the RSA key? Or what should I do?
I am new to managing PIXes.
03-10-2008 12:06 AM
ssh timeout 10
Issue this command in config mode.
03-10-2008 11:27 AM
Thanks for the response. I changed from the existing 5 to 10 and then to 30.
Now my PIX 501e is doing the same thing.
It is still not working. What else can I do?
Thanks,
Noemi
03-11-2008 07:50 AM
!The two commands below are used to define the PIX's host name and domain name.
!This is necessary because the RSA keys used for encryption and decryption are
!named using these parameters and also are bound to the PIX via these parameters.
hostname pix123
domain-name test.com
!The command below is used to generate a 1024-bit RSA public/private key pair to
!be used for encryption and decryption.
ca generate rsa key 1024
!The command below is used to save the keys generated to Flash memory.
ca save all
!The commands below are used to tell the PIX to accept SSH connections on its
!outside interface and to set the idle timeout for SSH sessions to 7 minutes.
ssh 10.1.1.1 255.255.255.255 outside
ssh timeout 7
!Furthermore, the PIX can be set up to do authentication for the SSH users
!connecting to it. The following command defines the AAA server group, ssh123, to
!use for authentication. The AAA server address, 10.1.1.200, and the key to
!authenticate to it, mysecure, are also defined.
aaa-server ssh123 (inside) host 10.1.1.200 mysecure
!The following command binds the AAA server group to the protocol TACACS+.
aaa-server ssh123 protocol tacacs+
!The following command is used to tell the PIX box to do authentication for the
!SSH users using the AAA server group, ssh123, defined above.
aaa authentication ssh console ssh123
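An added example, not part of the original thread: a small Python check that reads the `ssh <ip> <netmask> <interface>` lines discussed above and reports which source networks may reach SSH on each interface. The sample config is constructed from commands quoted in the thread; `audit_ssh`, the `untrusted` interface list and the /24 breadth threshold are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: ssh lines quoted in this thread, combined into one config.
SAMPLE_CONFIG = """\
pix506e(config)# ssh 0.0.0.0 0.0.0.0 outside
ssh 10.1.1.0 255.255.255.0 inside
ssh 10.1.1.1 255.255.255.255 outside
ssh timeout 7
"""

PROMPT = re.compile(r"^\S+\(config\)#\s*")
ALLOW = re.compile(r"^ssh\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)")


def audit_ssh(config, untrusted=("outside",)):
    """Return (rules, findings) for the 'ssh <ip> <mask> <if>' lines of a PIX config."""
    rules, findings = [], []
    aaa = False
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())  # tolerate a pasted CLI prompt
        if line.startswith("aaa authentication ssh console"):
            aaa = True
        m = ALLOW.match(line)
        if not m:
            continue  # 'ssh timeout N' and unrelated lines fall through here
        ip, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparsable address/mask: {line}")
            continue
        rules.append((iface, net))
        if iface in untrusted and net.prefixlen == 0:
            findings.append(f"{iface}: SSH open to any source ({net})")
        elif iface in untrusted and net.prefixlen < 24:  # assumed threshold
            findings.append(f"{iface}: broad source range {net}")
    if rules and not aaa:
        findings.append("no 'aaa authentication ssh console' line found")
    return rules, findings


if __name__ == "__main__":
    rules, findings = audit_ssh(SAMPLE_CONFIG)
    for iface, net in rules:
        print(f"allow {net} on {iface}")
    for finding in findings:
        print("FINDING:", finding)
```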