Introduction:
This document explains the issues faced when accessing an ASA through SSH.
Problem:
After applying the following configuration on the ASA, SSH access still does not work:
ssh 10.60.0.0 255.255.0.0 outside
ssh 10.60.0.0 255.255.0.0 dmz
ssh 10.60.0.0 255.255.0.0 inside
ssh timeout 5
How can we solve this SSH access issue?
Solution:
Perform the following configuration to have successful SSH access to the ASA:
1) You need a public/private keypair configured:
asa(config)# crypto key generate rsa general-keys modulus 2048
2) You must have a username:
asa(config)# username testuser password testpass
and the ASA must know where your user accounts are stored:
asa(config)# aaa authentication ssh console LOCAL
3) Configure the SSH version (SSHv2):
asa(config)# ssh version 2
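An added example (not part of the original document and not Cisco tooling): a Python sketch that checks saved ASA configuration text for the items from steps 2 and 3 and for an ssh line that covers a given client address on a given interface. The function names and both sample configurations are constructed for illustration; the key pair from step 1 is outside the check, which only reads configuration lines.

```python
import ipaddress
import re

# Constructed sample: the ssh lines from the Problem section, without the
# username / aaa / version commands from the Solution section.
SAMPLE_BROKEN = """\
ssh 10.60.0.0 255.255.0.0 outside
ssh 10.60.0.0 255.255.0.0 dmz
ssh 10.60.0.0 255.255.0.0 inside
ssh timeout 5
"""

# Constructed sample: the same lines plus the commands from steps 2 and 3.
SAMPLE_FIXED = SAMPLE_BROKEN + """\
username testuser password testpass
aaa authentication ssh console LOCAL
ssh version 2
"""

SSH_LINE = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)\s*$", re.M)

def ssh_sources(config):
    """Return {interface: [networks]} from 'ssh <addr> <mask> <interface>' lines."""
    allowed = {}
    for addr, mask, iface in SSH_LINE.findall(config):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        allowed.setdefault(iface, []).append(net)
    return allowed

def audit_ssh(config, client_ip, interface):
    """Return a list of findings; an empty list means every checked item is present."""
    findings = []
    nets = ssh_sources(config).get(interface, [])
    if not any(ipaddress.ip_address(client_ip) in n for n in nets):
        findings.append(f"{client_ip} is not permitted by an ssh line on {interface}")
    if not re.search(r"^username \S+ password \S+", config, re.M):
        findings.append("no local username configured")
    if not re.search(r"^aaa authentication ssh console \S+", config, re.M):
        findings.append("missing 'aaa authentication ssh console'")
    if not re.search(r"^ssh version 2\s*$", config, re.M):
        findings.append("'ssh version 2' not set")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_BROKEN, "10.60.1.20", "inside"):
        print(finding)
```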
Reference:
http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/69373-ssh-inside-out-pix7x.html
Source:
https://supportforums.cisco.com/discussion/11581111/how-enable-ssh-asa-5525
https://supportforums.cisco.com/discussion/11316931/cannot-ssh-telnet-cisco-asa-5580