US Region

Grandmetric LLC
Brookfield Place Office
200 Vesey Street
New York, NY 10281
EIN: 98-1615498
Phone: +1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43

Cisco ASA: SSH access to ASA

Design & Configure

Cisco ASA: SSH access to ASA

Technology: Network Security
Area: Firewalls
Vendor: Cisco
Software: 8.X, 9.X
Platform: Cisco ASA


ASA migration options


You can access the ASA appliance in a few ways. One way is telnet and ssh to Cisco ASA. To activate ssh access to ASA you need to have at least:

  • username and password which will be used in the authentication process,
  • AAA lists definition that specifies the source of authentication – they can be retrieved from Radius server, TACACS+ server or LOCAL ASA database
  • Crypto key pair defined for encrypted traffic to work

One of the confusing elements for beginners is the console word. This is an old semantic (used always and has no meaning). So to enable telnet:

Define local username and password:
ASA#configure terminal
ASA(config)#username username privilege 15 password some_password

Define AAA lists for ssh:

ASA(config)#aaa authentication ssh console LOCAL

Generate crypto key pair to use with SSH server:

ASA(config)#domain-name grandmetric.labs
ASA(config)#crypto key generate rsa general-keys modulus 1024

In addition, you can set the allowed sources, and define on which interface ssh will be allowed:

ASA(config)#ssh OUTSIDE

Hint: With ASA you can provide 0 0 which means, so the above line can be written as:

ASA(config)#ssh 0 0 OUTSIDE

Author: Marcin Bialy