[c-nsp] ASA ssh difficulties

Jonathan Brashear Jonathan.Brashear at hq.speakeasy.net
Tue Jul 14 13:18:51 EDT 2009


Nick nailed it, thanks. :)  The tech that built this firewall missed this line:
aaa authentication ssh console LOCAL 


Network Engineer, JNCIS-M
> 214-981-1954 (office) 
> 214-642-4075 (cell)
> jbrashear at hq.speakeasy.net 
http://www.speakeasy.net
-----Original Message-----
From: Nick Griffin [mailto:nick.jon.griffin at gmail.com] 
Sent: Tuesday, July 14, 2009 9:16 AM
To: Jonathan Brashear
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA ssh difficulties

Make sure ssh is set up for location authentication and possibly regenerate your ssh keys:

this is what I usually do:


crypto key generate rsa general modul 2048
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL

Nick Griffin, CCIE #17381 
Systems Consultant Alexander Open Systems
Direct 479.899.6830 ext 2609 
AOS Scheduling - 417.888.2675

On Tue, Jul 14, 2009 at 9:05 AM, Jonathan Brashear <Jonathan.Brashear at hq.speakeasy.net> wrote:


	I'm a bit stumped on an issue I'm having with a particular 5505.  Originally it was inaccessible via ASDM or SSH, but after a reboot it began to allow access via ASDM.  However, SSH is still not working.  I've verified that the username/pass is correct (it works through the ASDM) and that SSH access is allowed from the relevant IP range (I get to a password prompt), but it refuses to accept known good passwords from multiple accounts.  It thinks the password is bad, but only when done via SSH.  I haven't run into this issue with other ASAs that are configured identically and I can log in to the other ASAs from the same terminal window, so it shouldn't be something to do with my terminal emulation.  Any thoughts on why this may be happening?
	
	Network Engineer, JNCIS-M
	> 214-981-1954 (office)
	> 214-642-4075 (cell)
	> jbrashear at hq.speakeasy.net
	http://www.speakeasy.net
	_______________________________________________
	cisco-nsp mailing list  cisco-nsp at puck.nether.net
	https://puck.nether.net/mailman/listinfo/cisco-nsp
	archive at http://puck.nether.net/pipermail/cisco-nsp/
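
Added example, not part of the original thread or written by its participants: a small Python check that reads a saved ASA running-config and reports management methods (ssh, telnet, http) that are permitted from some address range but have no matching "aaa authentication <method> console" line, which is the gap found above. The sample config, hostname and function name are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the firewall in the thread).
SAMPLE_CONFIG = """\
hostname edge-fw
username admin password <redacted> encrypted privilege 15
aaa authentication http console LOCAL
http server enable
http 192.0.2.0 255.255.255.0 inside
ssh 192.0.2.0 255.255.255.0 inside
ssh timeout 5
telnet timeout 5
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# "<method> <network> <mask> <interface>" lines permit management access;
# lines such as "ssh timeout 5" or "http server enable" do not match.
ACCESS_RE = re.compile(rf"^(ssh|telnet|http)\s+{IPV4}\s+{IPV4}\s+\S+$")
AAA_RE = re.compile(r"^aaa authentication (ssh|telnet|http|serial) console\s+\S+")


def audit_mgmt_auth(config_text):
    """Return {method: [access lines]} for every management method that is
    permitted from some range but has no 'aaa authentication <method> console'
    line in the same config."""
    permitted = {}
    authenticated = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        access = ACCESS_RE.match(line)
        if access:
            permitted.setdefault(access.group(1), []).append(line)
            continue
        aaa = AAA_RE.match(line)
        if aaa:
            authenticated.add(aaa.group(1))
    return {m: lines for m, lines in permitted.items() if m not in authenticated}


if __name__ == "__main__":
    for method, lines in audit_mgmt_auth(SAMPLE_CONFIG).items():
        print(f"{method}: permitted but no 'aaa authentication {method} console' line")
        for entry in lines:
            print(f"    {entry}")
```

Run against the sample, it flags ssh only: http is both permitted and authenticated, and telnet has no permit line.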
	



