Solved

Cisco ASA - Can't log on via SSH

Posted on 2015-01-27
Last Modified: 2015-02-01
On a Cisco ASA using SSH, I can log on with my AD account, but I cannot log on using a username I created locally on the ASA. Why not?
0
Question by:tolinrome
12 Comments
 
LVL 20

Expert Comment

by:netcmh
ID: 40573634
Do you have the

aaa authentication ssh console <AD> LOCAL

set?
0
 
LVL 7

Author Comment

by:tolinrome
ID: 40573640
Yes, but I am not trying to log on with an AD account. I created a local user on the ASA and just simply want to SSH into the ASA using that local account.
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40573650
I understand. The authentication would try AD first and then the local database.
0

 
LVL 7

Author Comment

by:tolinrome
ID: 40573651
Then how do I get it to log in?
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40573688
Can you share your AAA & LOCAL config?

Also, is your ssh command configured to allow ssh from the particular host?

ssh <Inside host IP> <inside host netmask> inside
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40573692
Sometimes, I've found that deleting that userid and then recreating it helps.
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40573701
I think that since the AD is always available, you would have difficulty having the Local database step up to authenticate. It's supposed to be used for the times when AD is inaccessible and you need to get into your device.
0
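The fallback behaviour described in the comment above, as an added example that is not part of the thread and is not Cisco tooling: a Python check over a constructed config excerpt that reports whether a local user can authenticate over SSH. The group name `AD`, the user `localadmin`, the addresses and the `group_reachable` switch are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample (not from the thread): group name, user and addresses are placeholders.
SAMPLE_CONFIG = """\
aaa-server AD protocol ldap
aaa authentication ssh console AD LOCAL
username localadmin password ***** encrypted privilege 15
ssh 10.0.0.0 255.255.255.0 inside
"""

def parse_config(text):
    """Collect the SSH AAA method list, local usernames and permitted SSH sources."""
    cfg = {"methods": [], "users": set(), "ssh_nets": []}
    for line in text.splitlines():
        tok = line.split()
        if tok[:4] == ["aaa", "authentication", "ssh", "console"]:
            cfg["methods"] = tok[4:]            # e.g. ["AD", "LOCAL"] or ["LOCAL"]
        elif len(tok) >= 3 and tok[0] == "username" and tok[2] in ("password", "nopassword"):
            cfg["users"].add(tok[1])
        elif len(tok) == 4 and tok[0] == "ssh" and re.fullmatch(r"[\d.]+", tok[1]):
            # "ssh <ip> <mask> <interface>"; skips lines such as "ssh timeout 5"
            cfg["ssh_nets"].append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False))
    return cfg

def local_ssh_login(cfg, user, src_ip, group_reachable=True):
    """Return (verdict, reason) for a locally defined user connecting over SSH."""
    src = ipaddress.ip_address(src_ip)
    if not any(src in net for net in cfg["ssh_nets"]):
        return "blocked", "source address matches no 'ssh <ip> <mask> <interface>' line"
    if user not in cfg["users"]:
        return "blocked", "no 'username' entry for this user in the local database"
    methods = cfg["methods"]
    if not methods:
        return "no-aaa", "no 'aaa authentication ssh console' line found"
    if methods[0] == "LOCAL":
        return "local", "LOCAL is the primary method"
    if "LOCAL" not in methods[1:]:
        return "rejected-by-group", f"only server group {methods[0]} is consulted"
    if group_reachable:
        # The group answers (with a reject for an unknown user), so no fallback happens.
        return "rejected-by-group", f"{methods[0]} responds first; LOCAL is fallback only"
    return "local", f"{methods[0]} is unreachable, so the LOCAL fallback is used"

if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for reachable in (True, False):
        print(reachable, local_ssh_login(cfg, "localadmin", "10.0.0.5", reachable))
```
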
 
LVL 7

Author Comment

by:tolinrome
ID: 40573736
SSH is allowed from the host, and I have deleted and recreated the username as well. Thanks.
0
 
LVL 7

Accepted Solution

by:
tolinrome earned 0 total points
ID: 40573798
I decided on an alternative, non-Cisco related, since I couldn't get it working this way.
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40573816
Could you share what you mean? I'd like to know how you did it.
0
 
LVL 7

Author Comment

by:tolinrome
ID: 40573853
Sure, I sent you a private message.
0
 
LVL 7

Author Closing Comment

by:tolinrome
ID: 40582247
I decided on an alternative, non-Cisco related, since I couldn't get it working this way.
0
