Using an ssh client – Cisco ASA 5505 User Manual


37-5

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 37 Configuring Management Access

Configuring ASA Access for ASDM, Telnet, or SSH

Examples

The following example shows how to generate RSA keys and let a host on the inside interface with an
address of 192.168.1.2 access the ASA:

hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write memory
hostname(config)# aaa authentication ssh console LOCAL
WARNING: local database is empty! Use 'username' command to define local users.
hostname(config)# username exampleuser1 password examplepassword1
hostname(config)# ssh 192.168.1.2 255.255.255.255 inside
hostname(config)# ssh timeout 30

The following example shows how to allow all users on the 192.168.3.0 network to access the ASA on
the inside interface:

hostname(config)# ssh 192.168.3.0 255.255.255.0 inside

Using an SSH Client

In the SSH client on your management host, enter the username and password that you configured in the
“Configuring SSH Access” section on page 37-4. When starting an SSH session, a dot (.) displays on the
ASA console before the following SSH user authentication prompt appears:

hostname(config)# .

The display of the dot does not affect the functionality of SSH. The dot appears at the console while the
ASA generates a server key or decrypts a message using private keys during the SSH key exchange, before
user authentication occurs. These tasks can take up to two minutes or longer. The dot is a progress
indicator that shows that the ASA is busy and has not hung.

Note

If more than one SSH configuration session exists and a configuration operation is carried out through any
file operation (such as copy, tftp, config net, or a context-mode config file), it is blocked with the
response "Command Ignored, configuration in progress...", even if it is a single CLI command. If the CLI
command is entered directly at a command prompt, it is not blocked.

Step 7 (Optional)

Command: ssh version version_number

Example:
hostname(config)# ssh version 2

Purpose: Limits access to SSH version 1 or 2. By default, SSH allows both versions 1 and 2.

Step 8

Command: ssh key-exchange {dh-group1 | dh-group14}

Example:
hostname(config)# ssh key-exchange dh-group14

Purpose: Specifies whether Diffie-Hellman Group 1 or Diffie-Hellman Group 14 is used for the key
exchange. Diffie-Hellman Group 1 is the default if no value is specified.
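An added example (not from the Cisco guide) that reviews a configuration transcript against the points in this section: the RSA key size, the optional ssh version and ssh key-exchange steps, and the scope of each ssh access rule. The transcript is constructed from this page's commands; the 2048-bit threshold and the preference for version 2 and dh-group14 are the reviewer's hardening assumptions, not defaults stated on the page.

```python
import re

# Constructed transcript: the commands from this page's examples as typed at
# the config prompt. Sample input for the audit below, not captured ASA output.
SAMPLE_TRANSCRIPT = """\
hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write memory
hostname(config)# aaa authentication ssh console LOCAL
hostname(config)# username exampleuser1 password examplepassword1
hostname(config)# ssh 192.168.1.2 255.255.255.255 inside
hostname(config)# ssh 192.168.3.0 255.255.255.0 inside
hostname(config)# ssh timeout 30
"""

PROMPT = re.compile(r"^\S+\(config\)#\s*(.+)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def commands(transcript):
    """Yield the tokenised command from every 'hostname(config)#' line."""
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            yield m.group(1).split()


def audit_ssh(transcript):
    """Return findings for the SSH settings this page documents: RSA key
    modulus, 'ssh version' (default: both 1 and 2), 'ssh key-exchange'
    (default: dh-group1) and the 'ssh ip mask interface' access rules.
    Thresholds (2048 bits, version 2, dh-group14) are assumptions."""
    findings, version, kex, rules = [], None, None, []
    for w in commands(transcript):
        if w[:4] == ["crypto", "key", "generate", "rsa"] and "modulus" in w:
            bits = int(w[w.index("modulus") + 1])
            if bits < 2048:
                findings.append(f"RSA host key modulus {bits} is below 2048")
        elif w[:2] == ["ssh", "version"] and len(w) > 2:
            version = w[2]
        elif w[:2] == ["ssh", "key-exchange"] and len(w) > 2:
            kex = w[2]
        elif len(w) == 4 and w[0] == "ssh" and IPV4.match(w[1]):
            rules.append(tuple(w[1:]))   # (address, mask, interface)
    if version != "2":
        findings.append("ssh version not limited to 2; default allows SSHv1")
    if kex != "dh-group14":
        findings.append("ssh key-exchange left at default dh-group1")
    for ip, mask, iface in rules:
        if mask != "255.255.255.255":    # page's second example: whole network
            findings.append(f"ssh {ip} {mask} {iface} admits a whole network")
    return findings
```

Run against the constructed transcript it reports four findings; a transcript that sets a 2048-bit key, ssh version 2, ssh key-exchange dh-group14 and a single-host rule produces none.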
