SSH to outside interface

dsingleterry
Level 1

Hi, I am trying to set up SSH for outside access to my PIX,

I have added

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 10

and I am able to see the device with an SSH client, but it won't let me authenticate.

I tried reading through some previous links posted regarding SSH setup, but a lot of it was referring to AAA servers, and I don't have anything that elaborate set up here.

I went ahead and entered

ca gen rsa key 1024

to see if that would help and I am still unable to auth to the PIX outside interface from an outside IP.

Suggestions welcome :)

Thanks,

Dave

5 Replies

gfullage
Cisco Employee

SSH requires a username and password. If you don't have an external Radius/TACACS server, then you can just log in with the username of "pix" and use the Telnet password as the password.

See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/commands.htm#xtocid75 for details.

oh, thanks.

Ok, I have 3 firewalls in diff locations.

SSH is working on one of them only.

This is really weird, I have :

domain-name yrpci.com

ssh 0.0.0.0 0.0.0.0 outside

and have checked my enable and telnet passwords.

I can see the PIX's using SSH (I'm using Tera Term Pro with the SSH extension) but am unable to actually authenticate.

I'm using the username PIX, and have tried both the enable and telnet password. Neither will authenticate.

I've also even tried adding a local user:

username cisco password BS/vQ9dzYT2I3rJy encrypted privilege 15

and it won't authenticate either.

Suggestions welcome,

Thanks,

Dave

Check to see if you generated the rsa keys and saved them on each of the PIXs...also check to make sure you have the correct subnet and subnet mask to permit SSH [unless you are using 0.0.0.0 0.0.0.0 & allowing everyone {not recommended}]

RobertG...

yes, I generated the keys, and ca save all 'd them as well

For the time being I've even set up ssh 0 0 outside since it doesn't seem to allow anyone anyway.

So yes, I tried all that.

All the basics have been covered. I've worked with guys that have set up ssh on 6.22 pix's before and they are not sure why this isn't working.

So I guess my question goes deeper into more troubleshooting. What other factors on a PIX can restrict the basic SSH setup from working? There have to be other factors that can restrict it. Is it possible for an acl to prevent ssh from coming through?

Thanks,

Dave
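
RobertG's check of the permitted subnet and mask, and his caution about 0.0.0.0 0.0.0.0, can be run against a saved configuration. The Python script below is an added example, not part of the thread or of any Cisco tooling; the sample config, function names and finding labels are constructed for illustration, and flagging an address with bits set outside its mask is this script's own choice.

```python
import ipaddress

# Constructed sample: the two any-source forms quoted in the thread, plus
# hypothetical restricted entries (203.0.113.0/24 is a documentation range).
SAMPLE_CONFIG = """\
ssh 0.0.0.0 0.0.0.0 outside
ssh 0 0 outside
ssh 203.0.113.0 255.255.255.0 outside
ssh 203.0.113.9 255.255.255.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 10
"""

def parse_ssh_permits(config):
    """Yield (line, network_or_None, interface) for each 'ssh <ip> <mask> <if>' line."""
    for line in config.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "ssh":
            continue  # skips 'ssh timeout 10' and unrelated lines
        # "0" is the abbreviated form of 0.0.0.0 used in the thread ("ssh 0 0 outside").
        ip, mask = ("0.0.0.0" if p == "0" else p for p in parts[1:3])
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=True)
        except ValueError:
            net = None  # bad mask, or address has bits set outside the mask
        yield line, net, parts[3]

def audit(config, interface="outside"):
    """Return (label, line) findings for one interface."""
    findings = []
    for line, net, ifname in parse_ssh_permits(config):
        if ifname != interface:
            continue
        if net is None:
            findings.append(("check-address-and-mask", line))
        elif net.prefixlen == 0:
            findings.append(("any-source", line))
    return findings

def client_permitted(config, client_ip, interface="outside"):
    """True if client_ip falls inside a valid permit for the interface."""
    addr = ipaddress.ip_address(client_ip)
    return any(net is not None and ifname == interface and addr in net
               for _, net, ifname in parse_ssh_permits(config))

if __name__ == "__main__":
    for label, line in audit(SAMPLE_CONFIG):
        print(f"{label}: {line}")
```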