SSH access PIX 501

I am trying to gain access to the pix 501 ssh port and I am
getting the following message:

login as: john
Sent username "john"
john@192.168.5.1's password:
Access denied
john@192.168.5.1's password:
Access denied
john@192.168.5.1's password:


john username has privileged level 15 account and
is accessing the ssh from 192.168.5.2 and password
is also inputted correctly.

cli entries

access from 192.168.5.2.
ssh 192.168.5.2 255.255.255.255 inside
ssh timeout 60

There is not problem accessing the PDM and Telnet from
192.168.5.2
Any suggestions.

Thanks,



snoozeitAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

harbor235Commented:


Perhaps there has been a config change? Does this device use TACACS or RADIUS?
Maybe the TAC/RADIUS server is down.

Password recovery:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml

harbor235 ;}
0
snoozeitAuthor Commented:
There is no Radius or tac server. I can console in so I don't need to recover passwords. Any
Commands I may be missing.

Thanks,
0
harbor235Commented:


Has SSH ever worked? you may need to generate the ssh RSA keys, try this;

From console access !!!
First remove any old ssh keys:

crypto key zeroize rsa

Hostname <insert_hostname>
Domain-name domainname.cisco.com
Ca gen rsa key 1024
Ssh 0.0.0.0 0.0.0.0 outside (or restrict to particular addresses)
Ssh timeout 60
Passwd cisco (or whatever)
Wr mem

harbor235 ;}
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

snoozeitAuthor Commented:
I am using pix os 6.3.5 and it does not recognize the command crypto key zeroize rsa.
Is there a way I can enable the auto complete tab feature or is it non existent in the os.

Thanks,
0
snoozeitAuthor Commented:
I figured it out using debugs. It uses pix as a username instead  of the username and password  inputted in the cli, pix os is weird.
The command for pix os 635 to remove old keys is ca zeroize rsa.
Still looking for the auto complete tab feature turn on button (ie command).

Thanks,

0
piwowarcCommented:
PIX differs from normal IOS. At first I tried Tab a lot too. Try ? after part of the command like show ? etd.

You don't have radius or tacacs. Did you w set authenticaion to be local?

pix(config)#aaa authentication ssh console LOCAL

Cheers


0
snoozeitAuthor Commented:
thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.