asked on

SSH access PIX 501

I am trying to gain access to the pix 501 ssh port and I am
getting the following message:

login as: john
Sent username "john"
john@192.168.5.1's password:
Access denied
john@192.168.5.1's password:
Access denied
john@192.168.5.1's password:

john username has privileged level 15 account and
is accessing the ssh from 192.168.5.2 and password
is also inputted correctly.

cli entries

access from 192.168.5.2.
ssh 192.168.5.2 255.255.255.255 inside
ssh timeout 60

There is not problem accessing the PDM and Telnet from
192.168.5.2
Any suggestions.

Thanks,

harbor235

Perhaps there has been a config change? Does this device use TACACS or RADIUS?
Maybe the TAC/RADIUS server is down.

Password recovery:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml

harbor235 ;}

snoozeit

ASKER

There is no Radius or tac server. I can console in so I don't need to recover passwords. Any
Commands I may be missing.

Thanks,

ASKER CERTIFIED SOLUTION

harbor235

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

snoozeit

ASKER

I am using pix os 6.3.5 and it does not recognize the command crypto key zeroize rsa.
Is there a way I can enable the auto complete tab feature or is it non existent in the os.

Thanks,

snoozeit

ASKER

I figured it out using debugs. It uses pix as a username instead of the username and password inputted in the cli, pix os is weird.
The command for pix os 635 to remove old keys is ca zeroize rsa.
Still looking for the auto complete tab feature turn on button (ie command).

Thanks,

piwowarc

PIX differs from normal IOS. At first I tried Tab a lot too. Try ? after part of the command like show ? etd.

You don't have radius or tacacs. Did you w set authenticaion to be local?

pix(config)#aaa authentication ssh console LOCAL

Cheers

snoozeit

ASKER

thanks