You will find more than a few tutorials on this. Remember “write mem” at the end.
The context is that this is for our development lab environment, and we have JUST performed a factory reset and configured the interfaces for it.
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 nameif outside
 no shutdown
interface GigabitEthernet0/1
 ip address 172.16.104.1 255.255.255.0
 nameif inside
 no shutdown
Having said that, let’s be about it.
Step 1: define local username
ciscoasa(config)# username admin password l3tm3in
Note that the default machine name is “ciscoasa”. Here we have chosen a cheesy username and password. This is for demonstration purposes only.
Step 2: Let’s define AAA lists for SSH
aaa authentication ssh console LOCAL
Step 3: If you desire an alternate host name, now is a good time to give the ASA a name.
Step 4: define the domain name suffix.
Step 5: create the key/certificate for use with SSH
crypto key generate rsa modulus 2048
You may see something like
ciscoasa(config)# crypto key generate rsa modulus 2048
WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.
Do you really want to replace them? [yes/no]: yes
Keypair generation process begin. Please wait...
Step 6: Let’s set the version of SSH we are using
ssh version 2
Step 7: Now we can tell the ASA which hosts or networks it can expect authorized traffic from. Again, this is for immediate use in the lab – your exact use might vary a little. For security reasons, lock this down to a select number of specific hosts (secure) or open it up wider to the enterprise (126.96.36.199)
ssh 172.16.104.0 255.255.255.0 inside
Step 8: Let’s write this to memory
ciscoasa# write mem
Building configuration...
Cryptochecksum: ef6e02af f31d2639 4c8c41e6 02ba4d63
2906 bytes copied in 3.190 secs (968 bytes/sec)
[OK]
You are now set!
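As an added example (not part of the original walkthrough and not Cisco tooling), the Python script below checks a saved copy of the configuration for the SSH settings from Steps 1, 2, 6 and 7 and flags access rules that are wider than intended. The function name audit_ssh, the 256-address threshold, the trusted interface list and the sample configuration are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the SSH-related lines entered in this walkthrough.
SAMPLE_CONFIG = """\
username admin password l3tm3in
aaa authentication ssh console LOCAL
ssh version 2
ssh 172.16.104.0 255.255.255.0 inside
"""

# Matches "ssh <network> <mask> <interface>" but not "ssh version 2".
SSH_RULE = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")


def audit_ssh(config, max_hosts=256, trusted_ifs=("inside",)):
    """Return a list of findings for the SSH management settings in the text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if not any(l.startswith("username ") for l in lines):
        findings.append("no local username defined")
    if "aaa authentication ssh console LOCAL" not in lines:
        findings.append("SSH logins are not tied to the LOCAL user database")
    if "ssh version 2" not in lines:
        findings.append("SSH version 2 is not enforced")

    rules = []
    for l in lines:
        m = SSH_RULE.fullmatch(l)
        if m:
            # ip_network accepts the dotted netmask form used by the ASA.
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            rules.append((net, m[3]))
    if not rules:
        findings.append("no 'ssh <network> <mask> <interface>' rule present")
    for net, ifname in rules:
        if ifname not in trusted_ifs:
            findings.append(f"SSH permitted on interface '{ifname}' from {net}")
        if net.num_addresses > max_hosts:
            findings.append(f"SSH source {net} on '{ifname}' exceeds {max_hosts} addresses")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```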