Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2076
Views
0
Helpful
2
Replies

SSH access list and hostname

Go to solution
shell_uk_
Level 1
Level 1

‎04-04-2011 01:39 PM - edited ‎03-11-2019 01:16 PM

Hi All

Am I doing something daft/misunderstanding here?

Configuring a Cisco ASA 5505 from the CLI. "ssh ?" shows:

hostname or A.B.C.D    The IP addres of the host and/or network authorized to
                                    login to the system

Yet when I enter a hostname I get "Invalid hostname". It isn't invalid! If I do ping <hostname> as the next command it resolves it fine.


Basically I want to do is allow access from home where I have a dynamic IP and have a DynDNS account set up to update a hostname with the current IP.

Thanks all

Shell

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎04-04-2011 03:17 PM

Hi Shell,

The "host name" mentioned in the "ssh ?" output, is basically a name-to-ip mapping that can be defined on the ASA.

It does resolve the names in ping, but that dynamic resolution doesn't work for all features.

So you can configure something like:

names          (to enable names)

name 192.168.1.10 office_pc

name 62.62.62.62 home_pc

ssh office_pc 255.255.255.255 inside

ssh home_pc 255.255.255.255 outside

However you wouldn't be able to configure ssh for the DDNS name that you have.

I would suggest having ssh open for the full subnet within which you get the DHCP ip, and use a strong cryptic password for ssh login.

Hope this helps.

-Shrikant

P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎04-04-2011 03:17 PM

Hi Shell,

The "host name" mentioned in the "ssh ?" output, is basically a name-to-ip mapping that can be defined on the ASA.

It does resolve the names in ping, but that dynamic resolution doesn't work for all features.

So you can configure something like:

names          (to enable names)

name 192.168.1.10 office_pc

name 62.62.62.62 home_pc

ssh office_pc 255.255.255.255 inside

ssh home_pc 255.255.255.255 outside

However you wouldn't be able to configure ssh for the DDNS name that you have.

I would suggest having ssh open for the full subnet within which you get the DHCP ip, and use a strong cryptic password for ssh login.

Hope this helps.

-Shrikant

P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.

0 Helpful

Go to solution
shell_uk_
Level 1
Level 1
In response to Shrikant Sundaresh

‎04-05-2011 01:23 AM

Thanks Shrikant. I'll have a think how I want to go about it then. Public IP range is huge, massive ISP! Would be a waste of time even restricting it lol

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card