Solved

Cisco ASA - Can't log on SSH

Posted on 2015-01-27
Last Modified: 2015-02-01
On a Cisco ASA using SSH, I can log on with my AD account, but I cannot log on using a username I created locally on the ASA. Why not?
Question by:tolinrome
12 Comments
 
LVL 21

Expert Comment

by:netcmh
ID: 40573634
Do you have the

aaa authentication ssh console <AD> LOCAL

set?
0
 
LVL 7

Author Comment

by:tolinrome
ID: 40573640
Yes, but I am not trying to log on with an AD account. I created a local user on the ASA and just simply want to SSH into the ASA using that local account.
0
 
LVL 21

Expert Comment

by:netcmh
ID: 40573650
I understand; the authentication would try AD first and then the local database.
0
 
LVL 7

Author Comment

by:tolinrome
ID: 40573651
Then how do I get it to log in?
0
 
LVL 21

Expert Comment

by:netcmh
ID: 40573688
Can you share your AAA & LOCAL config?

Also, is your ssh command configured to allow ssh from the particular host?

ssh <Inside host IP> <inside host netmask> inside
0
 
LVL 21

Expert Comment

by:netcmh
ID: 40573692
Sometimes, I've found that deleting that userid and then recreating it helps.
0
 
LVL 21

Expert Comment

by:netcmh
ID: 40573701
I think that since the AD is always available, you would have difficulty having the Local database step up to authenticate. It's supposed to be used for the times when AD is inaccessible and you need to get into your device.
0
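An added example, not part of the thread: a small Python check that runs the three things asked about above (the `ssh` permit line, the local username, and the order of the `aaa authentication ssh console` method list) against a saved config. The sample config, its names (`AD_GROUP`, `localadmin`) and its addresses are constructed placeholders, and the function names are hypothetical; on the ASA a `LOCAL` keyword placed after a server group acts as a fallback for when that group is unavailable.

```python
import ipaddress
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
aaa-server AD_GROUP protocol ldap
aaa authentication ssh console AD_GROUP LOCAL
username localadmin password PLACEHOLDER encrypted privilege 15
ssh 192.0.2.0 255.255.255.0 inside
ssh timeout 10
"""

def ssh_auth_methods(config):
    """Ordered method list from 'aaa authentication ssh console ...'."""
    m = re.search(r"^aaa authentication ssh console (.+)$", config, re.M)
    return m.group(1).split() if m else []

def local_users(config):
    """Names defined by 'username <name> ...' lines."""
    return re.findall(r"^username (\S+) ", config, re.M)

def ssh_allowed(config, src_ip, interface):
    """True if an 'ssh <net> <mask> <interface>' line covers src_ip."""
    ip = ipaddress.ip_address(src_ip)
    pattern = r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$"
    for net, mask, ifc in re.findall(pattern, config, re.M):
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if ifc == interface and ip in network:
            return True
    return False

def diagnose_local_login(config, user, src_ip, interface="inside"):
    """List the reasons a local-account SSH login may not be evaluated."""
    findings = []
    if not ssh_allowed(config, src_ip, interface):
        findings.append("source not permitted by any ssh line")
    if user not in local_users(config):
        findings.append("no such local username")
    methods = ssh_auth_methods(config)
    if "LOCAL" not in methods:
        findings.append("LOCAL not in ssh console method list")
    elif methods[0] != "LOCAL":
        findings.append(
            f"LOCAL is fallback only; {methods[0]} is asked first while reachable")
    return findings

if __name__ == "__main__":
    for line in diagnose_local_login(SAMPLE_CONFIG, "localadmin", "192.0.2.25"):
        print(line)
```
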
 
LVL 7

Author Comment

by:tolinrome
ID: 40573736
SSH is allowed from the host; I have deleted and recreated the username as well. Thanks.
0
 
LVL 7

Accepted Solution

by:tolinrome
ID: 40573798
I decided on an alternative, non-Cisco-related, since I couldn't get it working this way.
0
 
LVL 21

Expert Comment

by:netcmh
ID: 40573816
Could you share what you mean? I'd like to know how you did it.
0
 
LVL 7

Author Comment

by:tolinrome
ID: 40573853
Sure, I sent you a private message.
0
 
LVL 7

Author Closing Comment

by:tolinrome
ID: 40582247
I decided on an alternative, non-Cisco-related, since I couldn't get it working this way.
0
