
    Design & Configure

    Cisco ASA: SSH access to ASA

    Technology: Network Security
    Area: Firewalls
    Vendor: Cisco
    Software: 8.X, 9.X
    Platform: Cisco ASA



    The ASA appliance can be accessed in a few ways, including Telnet and SSH. To enable SSH access to the ASA you need at least:

    • a username and password to use in the authentication process,
    • an AAA list definition that specifies the source of authentication: credentials can be checked against a RADIUS server, a TACACS+ server or the LOCAL ASA database,
    • a crypto key pair, which is required for the encrypted traffic to work.

    One element that confuses beginners is the console keyword in the AAA command. It is legacy syntax: it is always used and has no meaning of its own. So, to enable SSH:

    Define a local username and password:
    ASA#configure terminal
    ASA(config)#username username password some_password privilege 15

    Define AAA lists for ssh:

    ASA(config)#aaa authentication ssh console LOCAL

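    Generate the RSA key pair used by the SSH server. The example uses a 1024-bit modulus; prefer 2048 bits or more where the software version supports it: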

    ASA(config)#domain-name grandmetric.labs
    ASA(config)#crypto key generate rsa general-keys modulus 1024

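    In addition, you can set the allowed source addresses and define the interface on which SSH will be accepted:

    ASA(config)#ssh 0.0.0.0 0.0.0.0 OUTSIDE

    Hint: On the ASA you can type 0 0, which means 0.0.0.0 0.0.0.0 (any source address), so the above line can be written as:

    ASA(config)#ssh 0 0 OUTSIDE

    Permitting any source on the OUTSIDE interface exposes SSH management to every host that can reach that interface; in production, replace 0 0 with the specific management host or subnet.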
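The prerequisites above can be checked against a saved running-config. The following Python audit is an added example, not part of the original article: the function names, the sample config and the list of untrusted interface names are assumptions made for illustration, and only IPv4 source rules are parsed.

```python
import ipaddress

# Constructed running-config excerpt for illustration (not from the original page).
SAMPLE = """\
domain-name grandmetric.labs
username admin password PLACEHOLDER_HASH encrypted privilege 15
aaa authentication ssh console LOCAL
ssh key-exchange group dh-group14-sha1
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh 10.10.0.0 255.255.255.0 INSIDE
"""

def ssh_rules(config):
    """Return (network, interface) for every 'ssh <addr> <mask> <interface>' line."""
    rules = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "ssh":
            continue
        # "0 0" is the ASA shorthand for 0.0.0.0 0.0.0.0
        addr, mask = ("0.0.0.0" if p == "0" else p for p in parts[1:3])
        try:
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # e.g. "ssh key-exchange group ..." is a setting, not a source rule
        rules.append((net, parts[3]))
    return rules

def audit_ssh(config, untrusted=("OUTSIDE",)):
    """Check the SSH prerequisites and flag any-source rules on untrusted interfaces."""
    lines = [l.strip() for l in config.splitlines()]
    aaa = [l.split()[4:] for l in lines if l.startswith("aaa authentication ssh console ")]
    findings = []
    if not aaa:
        findings.append("missing: aaa authentication ssh console")
    elif any("LOCAL" in srcs for srcs in aaa) and not any(
            l.startswith("username ") and " password " in l for l in lines):
        findings.append("missing: local username for LOCAL authentication")
    rules = ssh_rules(config)
    if not rules:
        findings.append("missing: ssh source rule")
    for net, ifc in rules:
        if net.prefixlen == 0 and ifc in untrusted:
            findings.append(f"exposed: ssh from any source on {ifc}")
    # The RSA key pair is not stored in the running-config, so it cannot be checked here.
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh(SAMPLE)))
```

The key pair itself has to be verified on the device, for example with `show crypto key mypubkey rsa`.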

    Author: Marcin Bialy