can't login to Cisco ASA via ssh
Posted on 2011-04-25
When trying to login via ssh, I get challenged for password, but it always says authentication failure. If I change the aaa auth to a RADIUS server instead of local user, it allows login. ASDM access via the same user authenticates correctly. The IP is in the allow list. There are no failed login messages in the logging (I have it set to debug). What am I missing?
Here's a snip of the config:
ssh 172.16.xxx.xxx 255.255.255.255 outside
ssh timeout 60
ssh version 2
aaa-server radius protocol radius
aaa-server radius (inside) host 172.16.xxx.xxx
aaa-server radius (outside) host 172.16.xxx.xxx
aaa authentication serial console LOCAL
aaa authentication ssh console radius LOCAL
http server enable
username tester password Rfw82ualmh0VG/Ml encrypted
username tester attributes
There are no routing/networking issues, and the permitted IP is being seen, as I am being challenged for authentication.