ssh remote access on Cisco ASA5510

Hi,

Can anyone help me to configure ssh remote access on the outside interface?
Ive managed to set it up easily on our PIX 506E but on the ASA its proving extremely dificult...

im sure im just fogetting something very basic but can think what???

Thanks!

Craig
LVL 3
chouckhamAsked:
Who is Participating?
 
MikkkCommented:
I think it's very similar.
But, the easyest will be doing simply (once you have the hostname and domain set):
#crypto key generate rsa
ans it will ask some questions that will then generate the key
0
 
lrmooreCommented:
ssh <yourRemoteIPaddress> 255.255.255.255 outside
aaa authentication ssh console LOCAL
username yourusername password yourpassword

You might need to generate a certificate
ca generate rsa key 1024
 
0
 
MikkkCommented:
I don't remember very well, but for accessing by ssh on it we had to create a new ssl certified (an option on security) or something like this.
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
chouckhamAuthor Commented:
Hi Irmoore,

just tried to use "ca generate rsa key 1024"

the following was displayed:
"WARNING: the 'ca' command syntax has been deprecated
Please use the 'crypto key generate' command."

so now im entering the following: (to see what options i get)

crypto key genrate rsa ?

its giving me the following options:

general-keys
label
modulus
noconfirm
usage-keys

which one should i use? - general-keys or usage-keys?

thanks! :-)
0
 
MikkkCommented:
You must first configure this hostname and domain-name in order to generate crypotokeys:

router# config term
Router(config)#hostname [name]
Router(config)#ip domain-name [name]
router(config)#crypto key generate rsa usage-keys label [router-key]
The name for the keys will be: router-key
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

router#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router#

...I think tha's all
0
 
chouckhamAuthor Commented:
does it matter that its a cisco asa firewall and not a router as in your example?

as the "show ip ssh" command doesnt work.


0
 
chouckhamAuthor Commented:
thats it sorted!!! :)

thanks so much guys for all your help!

CRaig
0
 
MikkkCommented:
You are welcome. Pleased to help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.