Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
890
Views
0
Helpful
0
Replies

PIX Shun remediation Module

terrygwazdosky
Level 1
Level 1

‎08-09-2019 11:19 AM - edited ‎02-21-2020 09:23 AM

I was able to import a copy of the 5.4 PIX Shun Remediation module into my system running 6.2.3.  It works, but only if SSH v1 is enabled on my ASA, with v2 it doesn't.  I ran debug ssh on the ASA when trying with version 2 and this is what I got:

Device ssh opened successfully.
SSH1: SSH client: IP = 'x.x.x.x' interface # = 4
SSH: host key initialised
SSH1: starting SSH control process
SSH1: Exchanging versions - SSH-2.0-Cisco-1.25

SSH1: send SSH message: outdata is NULL

server version string:SSH-2.0-Cisco-1.25
SSH1: receive SSH message: 83 (83)
SSH1: client version is - SSH-2.0-1.34

client version string:SSH-2.0-1.34

SSH2 1: SSH2_MSG_KEXINIT sentSSH1: TCP read failed, error code = 0x86300003 "TCP connection closed"
SSH1: receive SSH message: [no message ID: variable *data is NULL]

SSH2 1: ssh_send unsuccessfulSSH1: Session disconnected by SSH server - error 0x00 "Internal error"

 

I can SSH from the CLI of my Firepower TDC VM, which uses OpenSSH, so I know that works.  I have tried to re-write the SSH.pm script contained in the cisco_pix.tgz file to use the instance of OpenSSH that is installed, but I'm not a programmer and have not had any success.  Can anyone help?

 

Preview file
14 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card