03-17-2004 05:50 AM - edited 02-20-2020 11:18 PM
Hi there,
I have a PIX 506 running OS 6.2(2) which is in a DMZ, known as the outside PIX. It is behind another PIX506 (the inside PIX). Both PIX have Tacacs+ configured for login authentication.
Last week the outside PIX crashed physically and I have replaced it with a spare PIX and reconfigured it entirely.
Now I cannot log on to this outside PIX using SSH, even though the access-list on the inside PIX is correct and permits both SSH and TACACS+. However, I can telnet to it.
I am using Putty to connect and when I start the SSH session the login window of the PIX appears and immediately disappears without me having the time to do anything.
Any help would be greatly appreciated. Many thanks in advance.
A.G.
##################################################
The inside PIX config:
access-list inside permit tcp Company-Inside-Net 255.255.255.0 host outsidepix-inside-interface eq ssh
access-list inside permit tcp Company-Inside-Net 255.255.255.0 host outsidepix-inside-interface eq telnet
access-list inside permit icmp Company-Inside-Net 255.255.255.0 DMZNet 255.255.255.192 echo
access-list inside permit icmp Company-Inside-Net 255.255.255.0 DMZNet 255.255.255.192 echo-reply
access-list dmzacl permit icmp host outsidepix-inside-interface Company-Inside-Net 255.255.255.0 echo
access-list dmzacl permit icmp host outsidepix-inside-interface Company-Inside-Net 255.255.255.0 echo-reply
access-list dmzacl permit tcp host outsidepix-inside-interface host tacacs-server1 eq tacacs
access-list dmzacl permit tcp host outsidepix-inside-interface host tacacs-server2 eq tacacs
The outside PIX config:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host tacacs-server1 1234 timeout 10
aaa-server TACACS+ (inside) host tacacs-server2 1234 timeout 10
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication telnet console TACACS+
aaa authentication ssh console TACACS+
aaa authentication enable console TACACS+
telnet Company-Inside-Net 255.255.255.0 inside
telnet timeout 5
ssh Company-Inside-Net 255.255.255.0 inside
ssh DMZNet 255.255.255.192 inside
ssh timeout 5
03-17-2004 06:44 AM
did you follow the steps for setting up ssh? is the hostname and domain name defined on it? did you ca generate rsa... to create the encryption keys?
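As an added example (not part of the original thread, and not the poster's own config), here is the PIX 6.x command sequence the reply is referring to. The hostname, domain name and key size are assumed placeholders; the `ssh` line mirrors the one already shown in the outside PIX config above. SSH on PIX 6.x needs a hostname and domain name before an RSA key can be generated, and the key is only kept across reloads once it has been written to flash with `ca save all`, which is why an SSH client sees the session open and close immediately when the key is missing.

```cisco
! Assumed placeholders: pick the device's real hostname and domain name.
hostname outsidepix
domain-name example.com

! Generate the RSA host key (1024 bits is an assumed, typical value).
! The hostname and domain name must be set first or this step fails.
ca generate rsa key 1024

! Persist the key to flash; without this the key is lost on reload
! and SSH sessions will be dropped right after the TCP connect.
ca save all

! Confirm a key is present before testing from a client.
show ca mypubkey rsa

! Permit SSH from the management network on the inside interface
! (same statement as in the running config posted above).
ssh Company-Inside-Net 255.255.255.0 inside
ssh timeout 5

! Save the rest of the configuration.
write memory
```

Usage note: after a replacement unit gets a freshly generated key, every SSH client that cached the old unit's host key will warn that the key has changed; that warning is expected here, but it should be confirmed against the output of `show ca mypubkey rsa` on the console rather than accepted blindly, since the same warning is what a man-in-the-middle substitution would produce. If an old or unwanted key exists, `ca zeroize rsa` removes it before regenerating.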
03-19-2004 01:00 AM
ah yes...
Thanks very much, that did the trick. I had forgotten the RSA key generation and save... now it is working perfectly...
Many thanks