cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5101
Views
0
Helpful
8
Replies

unable to SSH to CISCO ASA ( ASA software running on FTD-2110 Appliance)

ariel2424
Level 1
Level 1

Hello Everyone.  

I have installed CISCO ASA Version 9.10(1).11 on a FTD-2110 appliance. 

This appliance answer on both 192.168.45.1 and 192.168.45.45. 

To get to the firepower software you go to 192.168.45.45(then from there you can access the asa) or to get straight to asa you can open ASDM and connect to 192.168.45.1. 

HTTP and ASDM works, SSH isn't. 

I have configured SSH as shown in Cisco documentation and it's doesn't work.

tried to solve this myself with no success. 

 

Related Configuration: 

ciscoasa(config)# show running-config all ssh
ssh stricthostkeycheck
ssh 192.168.45.0 255.255.255.0 management
ssh timeout 5
ssh version 2
ssh cipher encryption medium
ssh cipher integrity medium
ssh key-exchange group dh-group1-sha1

 

Local Username was configured and the following command 

aaa authentication ssh console LOCAL

 I see the Drops on ASDM ( ssh access file show the drops on ASDM). 

Anybody come across this and solve this? 

Thanks. 

 

 

8 Replies 8

have to define a local user on ASA.

 

username admin priv 15 password cisco123

please do not forget to rate.

Marvin Rhoads
Hall of Fame
Hall of Fame

Did you generate an rsa key?

conf t
crypto key generate rsa mod 2048
end

@Marvin Rhoads 

if https is working as it was confirmed that he had access to ASDM than it means the key are generated.

i am curious how is is accessing the ASDM. i am under the impression the ASDM is access able if you only enable the https only.

 

!

http server enable

http 0.0.0.0 0.0.0.0 mgmt

!

now if these above command are configured he will have access to ASDM even without doing the config of local username. having said that if you check the logs he showed. their is unknow username. which point there is no local database configured

 

please do not forget to rate.

@Sheraz.Salim - good point.

 

I have also seen users lately using old putty clients and newer ASA software whereby the ssh negotiation fails due to lack of support for newer key exchanges in the library used by the client software. That problem would affect ssh but not ASDM (which uses ssl/tls libraries included in the end user's Java installation).

Hi Marvin, 

I'm using the latest Putty version. 

OK - good to know. 

I'd try a packet capture during an attempted connection to see what's going on. Open it up in Wireshark and have a look at the back and forth.

Hi, 

As a mention previously Local username and password is defined. I don't know why this error appeared 

http server is enable by default on the ASA. 

 

 

mbilgrav
Level 3
Level 3
YES !
Had the issue last year: from my notes:
I had SSH issues in 9.9.1 plain vanilla
I then Upgraded to 9.9.1.3 interim, only to hit a new failover bug
I then upgraded to 9.9.1.4 interim … and be happy !

The SSH issue could as workaround be fixed by reload, this was before I upgraded
sad if the bug has been drop over in the 9.10 track ... try get the latest Interim and upgrade the bundle
Review Cisco Networking for a $25 gift card