ASA/PIX – Enable SSH via CLI

Enabling SSH via the CLI is faster and easier than navigating Cisco’s ASDM. Assuming you already have a local user account created, the three steps below get it done quickly:

1) Specify that the ASA use a local account to authenticate SSH connections

aaa authentication ssh console LOCAL

2) Generate a 2048-bit RSA key pair for the firewall

ASA
crypto key generate rsa modulus 2048
wr mem

PIX
ca generate rsa key 2048
ca save all

3) Specify the hosts or networks allowed to connect to each interface.

ssh 192.168.1.0 255.255.255.0 inside
ssh 4.4.4.4 255.255.255.255 outside
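
One way to check a saved running configuration against steps 1 and 3, as an added example that is not part of the original post. The sample config is constructed, and the rule that SSH on the outside interface should be limited to single hosts is an assumption of this example; the RSA key pair from step 2 does not appear in the running configuration, so it is not checked.

```python
import ipaddress
import re

# Constructed sample of "show running-config" output (not from a real device).
SAMPLE_CONFIG = """\
hostname fw01
username admin password <redacted> encrypted privilege 15
aaa authentication ssh console LOCAL
ssh 192.168.1.0 255.255.255.0 inside
ssh 4.4.4.4 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

# Matches "ssh <address> <mask> <interface>" but not "ssh timeout 5" etc.
SSH_RULE = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")


def audit_ssh(config, untrusted=("outside",), max_untrusted_hosts=1):
    """Return a list of findings for the SSH settings from steps 1 and 3.

    'untrusted' and 'max_untrusted_hosts' are assumptions of this example:
    interfaces named here may only admit networks of that many addresses.
    """
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    if "aaa authentication ssh console LOCAL" not in lines:
        findings.append("step 1 missing: no 'aaa authentication ssh console LOCAL'")
    if not any(ln.startswith("username ") for ln in lines):
        findings.append("no local username defined for LOCAL authentication")
    rules = []
    for ln in lines:
        m = SSH_RULE.match(ln)
        if m:
            # ipaddress accepts dotted netmasks, e.g. 192.168.1.0/255.255.255.0
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            rules.append((net, m.group(3)))
    if not rules:
        findings.append("step 3 missing: no 'ssh <address> <mask> <interface>' lines")
    for net, ifname in rules:
        if ifname in untrusted and net.num_addresses > max_untrusted_hosts:
            findings.append(f"ssh from {net} allowed on {ifname}: wider than a single host")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```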
