Wizard_Microsystems

asked on

Having Trouble Configuring SSHv2 Access to a PIX

Thanks in advance -- I have added the following lines to my PIX config
ssh A.B.C.D mask i/f  (for all nodes)
ssh version 2
ssh timeout 5
I have enabled ssh with the 'ip ssh' command.
I am using TeraTerm for my telnet/ssh client.  The client sees the server and is passed the correct (v2 - ssh rsa) public key, but the client will not authenticate.  When I access using telnet and the same credentials, it works great.  What am I missing, or what do I need to do to clean this up?
Also, I have noticed that, as I am using TeraTerm for SSHv2 access to an HP switch, the length of the keys is different -- 24 bytes longer for the PIX key.  Could this be a significant factor in pointing to the fault here?  Thanks again.
ASKER CERTIFIED SOLUTION
nodisco
Wizard_Microsystems

ASKER

I was thinking the same thing -- corrupted key.  However, there are some legacy, or what I believe to be "stale", entries in the config.  I need to confirm with my super that I can "cut the legs out" of these old entries before regenerating a new key set.
I'll update again and award points when this has been completed -- in the next day or so.  (Super is on a business trip.)  Thanks again!
no probs - good luck
> I am using TeraTerm for my telnet/ssh client.
TeraTerm does not support ssh protocol version 2, unfortunately.
Got clearance to zeroize key.  It ended up re-creating what appears to be the same key anyway.  It was a "good measure" step.
The version of TeraTerm I used, Pro 4.58, does have SSHv2 capability, but was problematic in other ways.  Both PuTTY and OpenSSH worked for this case.  Thanks again!
How do you stop the key from expiring?  It will work for several weeks then just stop dead until we regenerate the key.