Re: how to setup new user for ssh connection

travis0 · ‎02-15-2005

Hello,

I'd like to create a new user for ssh access on a pix501. which commands should I use?

thanks,

travis.

steve.busby · ‎02-15-2005

username username password password privilege level

ddawson · ‎02-15-2005

SSH requires am RSA key pair in the PIX, which requires that the hostname and domain-name both be configured. The PIX also defaults to the pre-defined SSH username of "pix", but you can specify locally defined usernames/passwords instead. Here's a recipe that will do that, and create a local username of "leonardo" with a password of "davinci":

hostname PIX501

domain-name whatever.com

ca generate rsa key 1024

ca save all

ssh 0 0 outside

username xxx password xxx

aaa authentication ssh console LOCAL

write mem

Obviously, you can (and perhaps should) pick more appropriate values for some of these parameters. Also, the default idle timeout for telnet and ssh sessions in the PIX is 5 minutes, which I think is too short. To increase it to 30 minutes, for example, use the "ssh timeout 30" command.

Good luck!

travis0 · ‎02-22-2005

thank you.

I am using putty for ssh client. do you know of a better ssh client and it's free?

Travis.

ddawson · ‎02-22-2005

I actually quite like PuTTY, but it does take some getting used to. You could also try "Tera Term Pro Web" from www.ayera.com and see if you like it any better. I'm sure there are others, too, but these are the two I and my coworkers use most.

Good luck!