SSH access to PIX

hermann.pees
Level 1

Hello,

I have a PIX 515. I have configured SSH access to the outside interface. But if I log in, the access is rejected with the error:

Invalid message type

I have configured a username and password with all privileges. The actual software is version 6.2.

The access with PDM works fine.

Does anybody have an idea?

Thanks

Accepted Solutions

rgreville
Level 1

First of all you need to do the following:

hostname XXXXXXXX

Domain-name XXXXXXXX

passwd XXXXXXX (this is the password used to authenticate Telnet / SSH)

Then you will need to create a RSA key pair

ca generate rsa key 512 (check this command; you can mess around with the encryption levels, i.e. 512 or 1204)

Allow Hosts/Networks to ssh to your PIX

ssh #ip address or network# #subnet mask# #interface#

EG

If my external IP address was 1.1.1.1 and I needed to access your PIX, you would have to enter the following command:

ssh 1.1.1.1 255.255.255.255 outside

If you get prompted for a username, try pix. I use scrt, very good terminal software.

Thanks

RG

3 Replies

steve.barlow
Level 7

Have you entered all these commands on the PIX:

ssh x.x.x.x 255.255.255.255 outside

ssh timeout x

hostname pix

domain-name example.com

ca generate rsa key 1024

If yes, what is your SSH client version? It should be 1.x (I use 1.5 and it works).

Hope it helps.

Steve

From Cisco:

Invalid message type: The PIX Firewall received a non-SSH message, or an unsupported or unwanted SSH message.

Action: Check whether the peer is an SSH client. If it is a client supporting SSHv1, and this message persists, from the PIX serial console enter the debug ssh command and capture the debug messages. Then contact Cisco TAC.

Steve
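
The client-version question raised in the reply above can be checked from the identification line an SSH server sends first. The Python below is an added example, not part of the thread: the function names and sample banners are constructed, and it assumes the standard `SSH-<major>.<minor>-<software>` identification format, where 1.99 marks a server that accepts both protocol 1 and protocol 2 clients.

```python
import re
import socket

# Identification string: "SSH-<major>.<minor>-<software>[ <comments>]"
_IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: .*)?$")


def server_protocols(banner):
    """Return the set of SSH major versions a server banner advertises."""
    m = _IDENT.match(banner.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        return {1, 2}  # 1.99: SSH-2 server that also accepts SSH-1 clients
    if major in (1, 2):
        return {major}
    raise ValueError("unknown SSH protocol version %d.%d" % (major, minor))


def negotiate(banner, client_majors):
    """Highest major version both sides speak, or None if there is none."""
    common = server_protocols(banner) & set(client_majors)
    return max(common) if common else None


def read_banner(host, port=22, timeout=5.0):
    """Fetch the identification line from a device you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        with s.makefile("rb") as f:
            for raw in f:  # servers may send other lines before "SSH-"
                line = raw.decode("ascii", "replace")
                if line.startswith("SSH-"):
                    return line
    raise ValueError("no SSH identification string received")


# Constructed sample banners (not captured from the poster's PIX).
SAMPLES = {
    "v1-only server": "SSH-1.5-ExampleFW-1.0\r\n",
    "v1+v2 server": "SSH-1.99-ExampleSSH_3.4\r\n",
    "v2-only server": "SSH-2.0-ExampleSSH_9.0\r\n",
}

if __name__ == "__main__":
    for label, banner in SAMPLES.items():
        for client in ({1}, {2}, {1, 2}):
            print(label, sorted(client), "->", negotiate(banner, client))
```

A result of `None` for a v1-only banner and a client limited to protocol 2 is the mismatch the reply asks about; `read_banner` is defined for use against your own firewall and is not called by the sample run.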
