Cisco ASA: SSH access to ASA

Technology: Network Security
Area: Firewalls
Vendor: Cisco
Software: 8.X, 9.X
Platform: Cisco ASA

You can access the ASA appliance in a few ways, including Telnet and SSH. To enable SSH access to the ASA you need at least:

  • a username and password, which will be used in the authentication process,
  • an AAA list definition that specifies the source of authentication: credentials can be retrieved from a RADIUS server, a TACACS+ server or the LOCAL ASA database,
  • a crypto key pair, which is required for the encrypted traffic to work.

One of the confusing elements for beginners is the word console. This is legacy syntax: the keyword is always used and has no meaning of its own. So, to enable SSH:

Define a local username and password:

ASA#configure terminal
ASA(config)#username username password some_password privilege 15

Define AAA lists for ssh:

ASA(config)#aaa authentication ssh console LOCAL

Generate a crypto key pair to use with the SSH server:

ASA(config)#domain-name grandmetric.labs
ASA(config)#crypto key generate rsa general-keys modulus 1024

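In addition, you can set the allowed source addresses and define the interface on which SSH will be accepted:

ASA(config)#ssh 0.0.0.0 0.0.0.0 OUTSIDE

This entry matches every source address; to limit management access, give a specific network and mask instead.

Hint: On the ASA you can write 0 0, which means 0.0.0.0 0.0.0.0, so the line above can also be written as:

ASA(config)#ssh 0 0 OUTSIDE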
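
The prerequisites listed above, and the allowed-source setting, can be checked against a saved configuration. The following Python audit is an added example, not part of the original article; the function name `audit_asa_ssh` and both sample configurations are constructed for illustration, and only IPv4 `ssh` permit lines are handled.

```python
import re

# Constructed sample running-config fragments (not taken from a real device).
OPEN_CONFIG = """\
username admin password 0123456789abcdef encrypted privilege 15
aaa authentication ssh console LOCAL
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
"""
RESTRICTED_CONFIG = """\
username admin password 0123456789abcdef encrypted privilege 15
aaa authentication ssh console LOCAL
ssh 192.0.2.0 255.255.255.0 INSIDE
"""

# "ssh <address> <mask> <interface>"; other ssh lines (timeout, ...) do not match.
PERMIT = re.compile(r"^ssh (\d[\d.]*) (\d[\d.]*) (\S+)$")
ANY = {"0", "0.0.0.0"}  # "0 0" is the short form of "0.0.0.0 0.0.0.0"


def audit_asa_ssh(config):
    """Return a list of findings for the SSH prerequisites in an ASA config."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    users = [ln for ln in lines
             if re.match(r"username \S+ (password|nopassword)\b", ln)]
    # Everything after "aaa authentication ssh console" is the list of sources.
    aaa = [ln.split()[4:] for ln in lines
           if ln.startswith("aaa authentication ssh console ")]
    permits = [m.groups() for m in map(PERMIT.match, lines) if m]

    if not aaa:
        findings.append("no 'aaa authentication ssh console' line")
    elif any("LOCAL" in sources for sources in aaa) and not users:
        findings.append("AAA uses LOCAL but no local username is defined")
    if not permits:
        findings.append("no 'ssh <address> <mask> <interface>' line")
    for addr, mask, iface in permits:
        if addr in ANY and mask in ANY:
            findings.append(f"SSH allowed from any source on {iface}")
    # The RSA key pair is not stored in the running configuration, so it
    # cannot be checked here; verify it on the device itself.
    return findings
```
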

Author: Marcin Bialy