Solved

Cisco ASA - Cant logon SSH

Posted on 2015-01-27
12
115 Views
Last Modified: 2015-02-01
On a Cisco ASA using ssh, I can logon with my AD account, but I cannot log on using a username I created locally on the ASA, why not?
0
Comment
Question by:tolinrome
  • 6
  • 6
12 Comments
 
LVL 20

Expert Comment

by:netcmh
ID: 40573634
Do you have the

aaa authentication ssh console <AD> LOCAL

set?
0
 
LVL 7

Author Comment

by:tolinrome
ID: 40573640
Yes, but I am not trying to logon with an AD account. I created a local user on the ASA and just simply want to ssh into the ASA using that local account.
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40573650
I understand, the authentication would try AD first and then the local database.
0
 
LVL 7

Author Comment

by:tolinrome
ID: 40573651
Then how do I get it to login?
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40573688
Can you share your AAA & LOCAL config?

Also, is your ssh command configured to allow ssh from the particular host?

ssh <Inside host IP> <inside host netmask> inside
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40573692
Sometimes, I've found that deleting that userid and then recreating it, helps.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 20

Expert Comment

by:netcmh
ID: 40573701
I think that since the AD is always available, you would have difficulty having the Local database step up to authenticate. It's supposed to be used for the times when AD is inaccessible and you need to get into your device.
0
 
LVL 7

Author Comment

by:tolinrome
ID: 40573736
ssh is allowed from the host, I have deleted and recreated the username as well. Thanks.
0
 
LVL 7

Accepted Solution

by:
tolinrome earned 0 total points
ID: 40573798
I decided on an alternative non Cisco related since I couldnt get it working this way.
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40573816
Could you share what you mean? I'd like to know how you did it.
0
 
LVL 7

Author Comment

by:tolinrome
ID: 40573853
Sure, I sent you a private message.
0
 
LVL 7

Author Closing Comment

by:tolinrome
ID: 40582247
I decided on an alternative non Cisco related since I couldnt get it working this way.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now