PIX 501 - Cannot connect remotely via SSH using PuTTY

I have several sites using a PIX 501, I can hit the outside interface using SSH on PuTTY from the main office with no problem, but from this one pix I cannot. Config is as follows:

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd encrypted
hostname ******Pix
domain-name ****.org
clock timezone AKST -9
clock summer-time AKDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
<--- More --->
 fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
name DMall
name LaurelST
pager lines 24
icmp permit any inside
mtu outside 1485
mtu inside 1485
ip address outside pppoe setroute
ip address inside
ip audit info action alarm
ip audit attack action alarm
pdm location DMall inside
pdm location LaurelST outside
pdm location LaurelST inside
pdm location outside
<--- More --->
 pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0 0
access-group LaurelST_access in interface inside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http LaurelST inside
http DMall inside
no snmp-server location
no snmp-server contact
snmp-server community public
<--- More --->
 no snmp-server enable traps
floodguard enable
sysopt connection tcpmss 1300
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address netmask no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet DMall inside
telnet LaurelST inside
telnet timeout 5
ssh outside
ssh timeout 60
console timeout 0
vpdn group pppoe_group request dialout pppoe
<--- More --->
 vpdn group pppoe_group localname *******@**********.net
vpdn group pppoe_group ppp authentication pap
vpdn username ***********@*************** password *********
dhcpd lease 3600
dhcpd ping_timeout 750
terminal width 80

: end

Everywhere that the IP is listed as is my company's external IP from the main office.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I am assuming that when you say "but from this one pix I cannot", it means, that from the main office you cannot SSH to the PIX501 for which you have pasted the config above? If yes, then follow these steps:

1) Regenerate you SSH keys, make sure to do "ca save all" after you regenerate them
2) There is a command something to the effect of "aaa-server SSH authentication console LOCAL" OR "ssh authentication LOCAL", something like that, I don't have access to a PIX6.3 otherwise I would tell you the exact command.

Let me know if this works :-).
You dont need to do step 2 above....and I see you allow all to ssh to your outside interface.  You probably want to lock that down.  (use the IP or range you will be comming FROM...ssh outside ...etc for a host.

haywardmjAuthor Commented:
What is the proccess to regenerate  SSH keys and can I do this without bringing down the pix? I will lock down the ssh using my ip at the main center. the address is just all zeros in this post for security's sake. I am assuming that command is

ssh outside (ip of course will be different)
it something like "ca generate rsa xx xx xx", I don't exactly remember but definitely starts with ca. OR try "crypto key generate xxx xx"

Hope this helps :-).
Just type : (at the configure prompt)

ca generate rsa key 512


ca save all

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.