CISCO ASA – enable ssh

You will find more than a few tutorials on this. Remember “write mem” at the end.

The context is that this is for our development lab environment: we have JUST performed a factory reset and have configured the interfaces for it.

interface GigabitEthernet0/0
ip address 203.0.113.1 255.255.255.0
nameif outside
no shutdown

interface GigabitEthernet0/1
ip address 172.16.104.1 255.255.255.0
nameif inside
no shutdown

Having said that, let’s be about it.

Step 1: define local username

ciscoasa(config)# username admin password l3tm3in

Note that the default machine name is “ciscoasa”. Here we have chosen a cheesy username and password. This is for demonstration purposes only.

Step 2: Let’s define AAA lists for SSH

aaa authentication ssh console LOCAL

Step 3: If you desire an alternate host name now is a good time to give the ASA a name.

hostname ciscoasa

Step 4: define the domain name suffix.

domain-name sparelab.net

Step 5: create the key/certificate for use with SSH

crypto key generate rsa modulus 2048

You may see something like

ciscoasa(config)# crypto key generate rsa modulus 2048
WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.

Do you really want to replace them? [yes/no]: yes
Keypair generation process begin. Please wait...

Step 6: Let’s set the version of SSH we are using

ssh version 2

Step 7: Now we can tell the ASA which hosts or networks it can expect authorized traffic from. Again, this is for immediate use in the lab. Your exact use might vary a little, and for security reasons you should lock this down to a select number of specific hosts (secure) or open it up wider to the enterprise (172.73.255.255)

ssh 172.16.104.0 255.255.255.0 inside

Step 8: Let’s write this to memory

ciscoasa# write mem
Building configuration...
Cryptochecksum: ef6e02af f31d2639 4c8c41e6 02ba4d63

2906 bytes copied in 3.190 secs (968 bytes/sec)
[OK]

You are now set!
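
As an added example (not part of the original post and not Cisco tooling), this Python check reads a saved copy of the configuration and confirms that the SSH lines from Steps 2, 6 and 7 are present and that the Step 7 source range stays narrow. The trusted-interface list, the 256-address threshold and the extra `outside` line in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the SSH-related lines from this post, plus one
# deliberately loose "outside" entry added to show what gets flagged.
SAMPLE_CONFIG = """\
hostname ciscoasa
domain-name sparelab.net
aaa authentication ssh console LOCAL
ssh version 2
ssh 172.16.104.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
"""

SSH_ALLOW = re.compile(r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")


def audit_ssh(config, trusted_ifs=("inside",), max_hosts=256):
    """Return findings for the SSH management settings in an ASA config dump."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if "aaa authentication ssh console LOCAL" not in lines:
        findings.append("missing: aaa authentication ssh console LOCAL")
    if "ssh version 2" not in lines:
        findings.append("missing: ssh version 2")
    allowed = 0
    for line in lines:
        m = SSH_ALLOW.match(line)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        except ValueError:
            findings.append(f"unparseable network/mask: {line}")
            continue
        allowed += 1
        if m.group(3) not in trusted_ifs:  # assumption: only "inside" is trusted
            findings.append(f"ssh allowed on untrusted interface: {line}")
        if net.num_addresses > max_hosts:  # assumption: a /24 is the widest allowed
            findings.append(f"ssh source range too wide ({net}): {line}")
    if allowed == 0:
        findings.append("no 'ssh <network> <mask> <interface>' line found")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```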
