[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ssh remote access on Cisco ASA5510

Posted on 2007-10-18
8
Medium Priority
?
7,767 Views
Last Modified: 2010-05-18
Hi,

Can anyone help me to configure ssh remote access on the outside interface?
Ive managed to set it up easily on our PIX 506E but on the ASA its proving extremely dificult...

im sure im just fogetting something very basic but can think what???

Thanks!

Craig
0
Comment
Question by:chouckham
  • 4
  • 3
8 Comments
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 800 total points
ID: 20105258
ssh <yourRemoteIPaddress> 255.255.255.255 outside
aaa authentication ssh console LOCAL
username yourusername password yourpassword

You might need to generate a certificate
ca generate rsa key 1024
 
0
 
LVL 8

Expert Comment

by:Mikkk
ID: 20105268
I don't remember very well, but for accessing by ssh on it we had to create a new ssl certified (an option on security) or something like this.
0
 
LVL 3

Author Comment

by:chouckham
ID: 20107357
Hi Irmoore,

just tried to use "ca generate rsa key 1024"

the following was displayed:
"WARNING: the 'ca' command syntax has been deprecated
Please use the 'crypto key generate' command."

so now im entering the following: (to see what options i get)

crypto key genrate rsa ?

its giving me the following options:

general-keys
label
modulus
noconfirm
usage-keys

which one should i use? - general-keys or usage-keys?

thanks! :-)
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 8

Expert Comment

by:Mikkk
ID: 20107420
You must first configure this hostname and domain-name in order to generate crypotokeys:

router# config term
Router(config)#hostname [name]
Router(config)#ip domain-name [name]
router(config)#crypto key generate rsa usage-keys label [router-key]
The name for the keys will be: router-key
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

router#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router#

...I think tha's all
0
 
LVL 3

Author Comment

by:chouckham
ID: 20107494
does it matter that its a cisco asa firewall and not a router as in your example?

as the "show ip ssh" command doesnt work.


0
 
LVL 8

Accepted Solution

by:
Mikkk earned 1200 total points
ID: 20107761
I think it's very similar.
But, the easyest will be doing simply (once you have the hostname and domain set):
#crypto key generate rsa
ans it will ask some questions that will then generate the key
0
 
LVL 3

Author Comment

by:chouckham
ID: 20107808
thats it sorted!!! :)

thanks so much guys for all your help!

CRaig
0
 
LVL 8

Expert Comment

by:Mikkk
ID: 20107922
You are welcome. Pleased to help
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month18 days, 19 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question