CISCO ASA – enable ssh


You will find more than a few tutorials on this. Remember “write mem” at the end.

The context is that this is for our development lab environment, and we have JUST performed a factory reset and configured the interfaces for it.

interface GigabitEthernet0/0
ip address
nameif outside
no shutdown

interface GigabitEthernet0/1
ip address
nameif inside
no shutdown

Having said that, let’s be about it.

Step 1: define local username

ciscoasa(config)# username admin password l3tm3in

Note that the default machine name is “ciscoasa”. Here we have chosen a cheesy username and password. This is for demonstration purposes only.

Step 2: Let’s define AAA lists for SSH

aaa authentication ssh console LOCAL

Step 3: If you desire an alternate host name, now is a good time to give the ASA a name.

hostname ciscoasa

Step 4: define the domain name suffix.


Step 5: create the key/certificate for use with SSH

crypto key generate rsa modulus 2048

You may see something like

ciscoasa(config)# crypto key generate rsa modulus 2048
WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.

Do you really want to replace them? [yes/no]: yes
Keypair generation process begin. Please wait...

Step 6: Let’s set the version of SSH we are using

ssh version 2

Step 7: Now we can tell the ASA which hosts or networks it can expect authorized traffic from. Again, this is for immediate use in the lab – your exact use might vary a little, and for security reasons lock this down to a select number of specific hosts (secure) or open it up wider to the enterprise (

ssh inside

Step 8: Let’s write this to memory

ciscoasa# write mem
Building configuration...
Cryptochecksum: ef6e02af f31d2639 4c8c41e6 02ba4d63

2906 bytes copied in 3.190 secs (968 bytes/sec)

You are now set!
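
To check the outcome of steps 2, 6 and 7 against a saved running-config, here is an added example (not part of the original post) that flags missing SSH settings and overly broad "ssh <ip> <mask> <interface>" permit lines. The sample config, the audit_ssh name and the trusted_ifs and max_hosts thresholds are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed running-config excerpt for the example (addresses are not from the page).
SAMPLE_CONFIG = """\
hostname ciscoasa
aaa authentication ssh console LOCAL
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.10 255.255.255.255 inside
"""

# "ssh <ip> <mask> <interface>" permit lines (IPv4 form only).
SSH_PERMIT = re.compile(r"^ssh\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")


def audit_ssh(config, trusted_ifs=("inside",), max_hosts=16):
    """Return (severity, message) findings for the SSH settings in an ASA config."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    if not any(ln.startswith("aaa authentication ssh console ") for ln in lines):
        findings.append(("high", "step 2 missing: no 'aaa authentication ssh console'"))
    if "ssh version 2" not in lines:
        findings.append(("medium", "step 6 missing: 'ssh version 2' not set"))
    permits = [m for m in map(SSH_PERMIT.match, lines) if m]
    if not permits:
        findings.append(("info", "step 7 missing: no 'ssh <ip> <mask> <if>' line"))
    for m in permits:
        addr, mask, ifname = m.groups()
        try:
            # strict=False tolerates host bits set in the address part.
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(("high", f"unparseable source '{addr} {mask}'"))
            continue
        if ifname not in trusted_ifs:
            findings.append(("high", f"SSH permitted on interface '{ifname}'"))
        if net.prefixlen == 0:
            findings.append(("high", f"any source may connect on '{ifname}'"))
        elif net.num_addresses > max_hosts:
            findings.append(("medium", f"{net} on '{ifname}' spans {net.num_addresses} hosts"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_ssh(SAMPLE_CONFIG):
        print(f"{severity:6} {message}")
```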

