DBTN Blog - Enabling SSH to your Cisco ASA Firewall

Enabling SSH to your Cisco ASA Firewall

Donald Simmons
2018-03-03
12 Comments

Its important to mention this will work on either inside or outside interfaces, but you should preferably only have this available to the inside, unless you're able to identify a very small number of IPs that are permitted externally. Check here to see Known SSH Vulnerabilities. Step 1 Creating an enable password

DBTN-ASA(config)# enable password Password1
DBTN-ASA(config)# username dbtn password Password1 privilege 15

Step 2 Defining which IPs are permitted

DBTN-ASA(config)# ssh 10.10.83.0 255.255.255.0 inside

Step 3 Define a domain-name

DBTN-ASA(config)# domain-name dontblamethenetwork.com

Step 4 Generate your rsa key

DBTN-ASA(config)# crypto key generate rsa modulus 2048

Step 5 Tie your authentication method to local logins LOCAL is a predefined keyword to look at device level logins

DBTN-ASA(config)# aaa authentication ssh console LOCAL

Thats it! SSH in and you're in business!

Don't Blame The Network

Enabling SSH to your Cisco ASA Firewall

Search

Top 5 Tags

Recent Posts

Nonoverlapping Wi-Fi channels

Verify IP parameters for Client OS (Windows, Mac OS, Linux)

CCNA 200-301 Servers Explained

CCNA 200-301 Endpoints Explained

CCNA 200-301 Wireless Controllers Explained

Tags