
ssh problem on pix firewall

david.xu

I have a PIX firewall, PIX Version 6.1(1).

I am trying to configure it for ssh login from outside.

I did configure the hostname, domain name, ssh timeout, and

ssh x.x.x.x 255.255.255.0 outside

pass xxxx

but there is no AAA and no RSA.

The problem is strange. I can ssh into the PIX with the username pix and the password after I configured it, with no problem at all. But after I exit, I cannot log in any more; there is just a quick refreshing in the client software, and then it goes to "not connect". I did try another client software, and it is the same.

So I removed the ssh xxxx, and then I tried ssh again; it showed me a message "remote host reject the session", so it looks like the PIX did respond. Then I added ssh xxxx again, and the problem came back.

I have an "access-group acl_in in interface outside" on the outside interface. In the access list I didn't permit port 22 on the outside interface; does that affect the ssh connection?

I connect to internet through a NAT/PAT. Does it affect the ssh connection and cause the problem?


david.xu

When I ran "sh logg", I saw there is an error message

"315004: Fail to establish SSH session because PIX RSA host key retrieval failed."

But I didn't use an RSA key. Do I have to use it, "ca gen rsa key 1024"?

Thanks,

david

Yes you need it. Here is a sample config of the commands needed:

hostname xxxx

domain-name xxxx

ca generate rsa key 1024

ca save all

ssh 10.10.10.10 255.255.255.255 outside

ssh timeout 60

Hope it helps.

Steve

Thanks for the help.

But I am still confused: why could I log in by ssh the first time without the RSA key, and then the problem happened without the RSA key?

Bug?

No, it isn't a bug. But in version 6.X you have to set the aaa command to access the PIX.

Use the following command:

aaa authentication ssh console LOCAL

In my opinion this will fix the problem.

Regards,

Hermann

Hi, Hermann

My version is 6.1. I didn't do aaa for console, but after I generated the RSA key and saved it, my ssh is working fine now.

Thanks,

David
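
The checks discussed in this thread, collected into a small pre-flight audit. This is an added example, not code from any poster or from Cisco; the function name `audit_pix_ssh`, the sample hostname, domain and addresses, and the wide-netmask check are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample config (placeholder names, documentation address range).
SAMPLE_CONFIG = """\
hostname pixfw
domain-name example.test
ssh 192.0.2.0 255.255.255.0 outside
ssh timeout 60
"""

# Constructed "show logging" excerpt; the message text is the one quoted in the thread.
SAMPLE_LOG = "315004: Fail to establish SSH session because PIX RSA host key retrieval failed.\n"

SSH_RULE = re.compile(r"^ssh\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")

def audit_pix_ssh(config, log=""):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    lines = [line.strip() for line in config.splitlines() if line.strip()]

    # The sample config in the thread sets both before generating the key.
    for keyword in ("hostname", "domain-name"):
        if not any(re.match(rf"^{keyword}\s+\S+", line) for line in lines):
            findings.append(f"missing '{keyword}'")

    rules = [m.groups() for m in map(SSH_RULE.match, lines) if m]
    if not rules:
        findings.append("no 'ssh <ip> <mask> <interface>' entry")
    for ip, mask, interface in rules:
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            findings.append(f"invalid ssh rule: {ip} {mask}")
            continue
        # Added hardening check (assumption, not from the thread): flag
        # outside-facing rules wider than a single host.
        if interface == "outside" and net.num_addresses > 1:
            findings.append(f"ssh on outside allows {net.num_addresses} addresses ({net})")

    # Syslog 315004 means the RSA host key could not be retrieved.
    if "315004" in log:
        findings.append("315004 logged: run 'ca generate rsa key 1024' then 'ca save all'")
    return findings

if __name__ == "__main__":
    for finding in audit_pix_ssh(SAMPLE_CONFIG, SAMPLE_LOG):
        print(finding)
```
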
