Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3177
Views
10
Helpful
7
Replies

how can I allow an IP to ssh to asa5520?

julxu
Level 1
Level 1

‎10-23-2006 09:43 PM

only management interface is up

interface Management0/0

security-level 100

ip address 10.1.1.1 255.255.255.0

management-only

ssh my.ip.addr 255.255.255.255 management

and when I try to do ssh, it give me error:

ssh_exchange_identification: Connection closed by remote host.

Do I did wrong?

any comments will be appreciated

Thanks in advance.

Labels:
0 Helpful
7 Replies 7

ajagadee
Cisco Employee
Cisco Employee

‎10-23-2006 09:53 PM

Hi,

Did you generate the RSA Keys before you tried SSHing into the ASA. If not, generate the RSA keys and then try to ssh into ASA

Generating RSA Keys:

ca generate rsa key 1024

ca save all

Let me know if it helps.

Regards,

Arul

0 Helpful

julxu
Level 1
Level 1
In response to ajagadee

‎10-23-2006 10:29 PM

(config)#ca generate rsa key 1024

WARNING: the 'ca' command syntax has been deprecated

Please use the 'crypto key generate' command(config)# crytp key generate rsa modulus 1024

INFO: The name for the keys will be:

Keypaire generation process begin. Please wait....

So, where I can find the file

the "ca save all" can not do also.

0 Helpful

ajagadee
Cisco Employee
Cisco Employee
In response to julxu

‎10-23-2006 10:35 PM

Hi,

You can do a "show crypto key mypubkey rsa" to look at the RSA Keys.

Please refer the below URL for details

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/conf_gd/mgaccess.htm#wp1042023

Let me know if it helps.

Regards,

Arul

julxu
Level 1
Level 1
In response to ajagadee

‎10-23-2006 10:40 PM

(config)#ca generate rsa key 1024

WARNING: the 'ca' command syntax has been deprecated

Please use the 'crypto key generate' command(config)# crytp key generate rsa modulus 1024

INFO: The name for the keys will be:

Keypaire generation process begin. Please wait....

So, where I can find the file

the "ca save all" can not do also.

0 Helpful

jwalker
Level 3
Level 3
In response to julxu

‎10-24-2006 07:29 AM

For 7.X, the commands are different... Here is how to generate ssh keys in 7.X

1. crypto key xxx rsa (clears old keys)

2. crypto key generate rsa usage-keys noconfirm (generates new keys)

3. write mem (saves keys)

** Also, be sure you are allowing ssh from the source..

EX. ssh 172.16.1.0 255.255.255.0 inside

pls rate if this helps

julxu
Level 1
Level 1
In response to jwalker

‎10-24-2006 03:51 PM

I have got prompt for password.

but, after I put password, it return erroer:

Permission denied, please try again.

after three tries, it finally gave "Unable to find an authentication method"

0 Helpful

Peter Long
Level 1
Level 1

‎06-28-2017 01:01 AM

Old post but see

Pete
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents