• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6831
  • Last Modified:

Cannot connect to Cisco ASA through SSH using PuTTY

I am trying to connect to my Cisco ASA5505 through SSH using PuTTY from my inside LAN.  I can use Telnet with no problem, but I keep getting the attached error immediately upon attempting a SSH connection.  

PuTTY SSH connection error
I have done the following SSH configuration on my ASA:

crypto key generate rsa modulus 1024
ssh inside-interface inside
ssh timeout 20
ssh version 2

The authentication has also been set to go through the LOCAL database.  On the PuTTY side, Blowfish encryption has been moved ahead of AES (SSH-2 only) (I read online that this was a known issue), and SSH version 2 is set as the preferred version.  What could be causing this issue??  Have I left out something??  Someone please help me with this.
1 Solution
Jan SpringerCommented:
Do you have aaa configured?
Dustin23IT DirectorAuthor Commented:
Yes.  It has been used in production for more than a year.
do you have a domain-name set on your ASA? it is needed for rsa to work properly

hostname Name_of_ASA
domain-name Name_of_Domain ex. company.local
crypto key generate rsa modulus 1024
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Dustin23IT DirectorAuthor Commented:
Yes that is all set as well.
What IP address are you trying to connect from. Is this on the subnet directly attached to the inside? What subnet mask are you using on the inside?
Pete LongTechnical ConsultantCommented:
What version of Operating system are you using?

Can you execute the following;

crypto key zeroize rsa
crypto key generate rsa modulus 1024
aaa authentication ssh console LOCAL
username admin password Password123 privilege 15

Then attempt to connect using those credentials

Dustin23IT DirectorAuthor Commented:
InteraX -

Yes I am trying to connect from the subnet directly connected to the inside interface.  My subnet mask is /24.
Dustin23IT DirectorAuthor Commented:
Pete -

I am using Win 7 Pro SP1.  SSH authentication is already set, but I will complete the other commands and see what happens.  Thanks!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now