SSH access list and hostname

shell_uk_
Level 1

Hi All

Am I doing something daft/misunderstanding here?

Configuring a Cisco ASA 5505 from the CLI. "ssh ?" shows:

hostname or A.B.C.D    The IP addres of the host and/or network authorized to
                       login to the system

Yet when I enter a hostname I get "Invalid hostname". It isn't invalid! If I do ping <hostname> as the next command it resolves it fine.


Basically what I want to do is allow access from home, where I have a dynamic IP and have a DynDNS account set up to update a hostname with the current IP.

Thanks all

Shell

Accepted Solutions

Shrikant Sundaresh
Cisco Employee

Hi Shell,

The "host name" mentioned in the "ssh ?" output is basically a name-to-IP mapping that can be defined on the ASA.

It does resolve the names in ping, but that dynamic resolution doesn't work for all features.

So you can configure something like:

    ! enable names
    names
    name 192.168.1.10 office_pc
    name 62.62.62.62 home_pc
    ssh office_pc 255.255.255.255 inside
    ssh home_pc 255.255.255.255 outside

However, you wouldn't be able to configure ssh for the DDNS name that you have.

I would suggest having ssh open for the full subnet within which you get the DHCP IP, and using a strong cryptic password for ssh login.

Hope this helps.

-Shrikant

P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.
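
An added example, not part of the original post or any Cisco tooling: a small Python audit of a configuration like the one in the answer above. It resolves the static `name` mappings, then flags `ssh` allow entries on the outside interface that admit more than a single host, which is the exposure a subnet-wide entry introduces. The sample config is constructed (203.0.113.0/24 is a documentation range standing in for an ISP pool), `parse_ssh_allowlist` and `audit` are hypothetical helper names, and only IPv4 `ssh <host> <mask> <interface>` lines are handled.

```python
import ipaddress

# Constructed sample: the answer's lines plus one subnet-wide entry.
# 203.0.113.0/24 is a documentation range used as a stand-in ISP pool.
SAMPLE_CONFIG = """\
names
name 192.168.1.10 office_pc
name 62.62.62.62 home_pc
ssh office_pc 255.255.255.255 inside
ssh home_pc 255.255.255.255 outside
ssh 203.0.113.0 255.255.255.0 outside
"""


def parse_ssh_allowlist(config):
    """Return (interface, network, label) for each 'ssh <host> <mask> <if>' line."""
    names, entries = {}, []
    lines = [line.split() for line in config.splitlines()]
    # First pass: static name-to-IP mappings ('name <ip> <label>').
    for tok in lines:
        if len(tok) >= 3 and tok[0] == "name":
            names[tok[2]] = tok[1]
    # Second pass: ssh allow entries, with names replaced by their mapped IP.
    for tok in lines:
        if len(tok) == 4 and tok[0] == "ssh":
            host, mask, iface = tok[1:]
            ip = names.get(host, host)
            try:
                net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            except ValueError:
                continue  # other ssh settings or an undefined name: not an allow entry
            entries.append((iface, net, host))
    return entries


def audit(config, exposed=("outside",), max_hosts=1):
    """Flag ssh entries on exposed interfaces that admit more than max_hosts addresses."""
    findings = []
    for iface, net, label in parse_ssh_allowlist(config):
        if iface in exposed and net.num_addresses > max_hosts:
            findings.append(
                f"{iface}: {label} -> {net} allows {net.num_addresses} source addresses")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
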

Thanks Shrikant. I'll have a think how I want to go about it then. Public IP range is huge, massive ISP! Would be a waste of time even restricting it lol
