US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43


Grandmetric LTD
Office 584b
182-184 High Street North
E6 2JA
+44 20 3321 5276

  • en
  • pl
  • Cisco ASA: SSH access to ASA

    Design & Configure

    Cisco ASA: SSH access to ASA

    Technology: Network Security
    Area: Firewalls
    Vendor: Cisco
    Software: 8.X, 9.X
    Platform: Cisco ASA



    Ready to migrate from ASA to a supported firewall solution


    You can access the ASA appliance in a few ways. One way is telnet and ssh to Cisco ASA. To activate ssh access to ASA you need to have at least:

    • username and password which will be used in the authentication process,
    • AAA lists definition that specifies the source of authentication – they can be retrieved from Radius server, TACACS+ server or LOCAL ASA database
    • Crypto key pair defined for encrypted traffic to work

    One of the confusing elements for beginners is the console word. This is an old semantic (used always and has no meaning). So to enable telnet:

    Define local username and password:
    ASA#configure terminal
    ASA(config)#username username privilege 15 password some_password

    Define AAA lists for ssh:

    ASA(config)#aaa authentication ssh console LOCAL

    Generate crypto key pair to use with SSH server:

    ASA(config)#domain-name grandmetric.labs
    ASA(config)#crypto key generate rsa general-keys modulus 1024

    In addition, you can set the allowed sources, and define on which interface ssh will be allowed:

    ASA(config)#ssh OUTSIDE

    Hint: With ASA you can provide 0 0 which means, so the above line can be written as:

    ASA(config)#ssh 0 0 OUTSIDE

    Author: Marcin Bialy