SSH Configuration on Cisco ASA 9.x

1. Overview

 

Network administrators normally manage network devices from their own desks over remote SSH. Only occasionally do they have to connect a console cable and work on the device directly.

This tutorial shows how to configure SSH remote management on a Cisco ASA firewall running version 9.x.

2. Prerequisites

 

In this article, it is presumed that:

a. You have already configured an IP address on the ASA firewall
b. You have direct console access to the ASA firewall

3. Configure SSH Remote Management

 

We start by creating a user on the Cisco ASA firewall. Log in to the firewall through the console and execute the following commands in the terminal.

# conf t
# username netadmin password 1111 privilege 15

The next step is to set the enable password.

# enable password 2222

Next, we need to create a domain name for the firewall and then generate the encryption key.

# crypto key generate rsa modulus 2048
WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.

Do you really want to replace them? [yes/no]: yes
Keypair generation process begin. Please wait…

Now we need to restrict SSH remote management of the Cisco ASA firewall to particular hosts or networks, reached through the “inside” interface.

# ssh 192.168.171.0 255.255.255.0 inside

We should allow only SSH version 2 for remote access to any of our network devices.

# ssh version 2
# sh ssh
Timeout: 5 minutes
Version allowed: 2
192.168.171.0 255.255.255.0 inside

Finally, we need to configure the Cisco ASA to authenticate SSH logins against the local user database.

# aaa authentication ssh console LOCAL
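
The steps above can be checked against a saved copy of the configuration. The following is an added example, not part of the original tutorial: it audits the SSH management lines this page configures. The function name `audit_asa_ssh`, the `mgmt_if` parameter and both sample configurations are assumptions made for illustration, and the input is assumed to contain the commands in the form they are typed above.

```python
import ipaddress

# Constructed sample inputs. PAGE_CONFIG holds the SSH commands entered above;
# WEAK_CONFIG is a made-up variant with the restrictions missing.
PAGE_CONFIG = """
username netadmin password 1111 privilege 15
ssh 192.168.171.0 255.255.255.0 inside
ssh version 2
aaa authentication ssh console LOCAL
"""
WEAK_CONFIG = """
username netadmin password 1111 privilege 15
ssh 0.0.0.0 0.0.0.0 outside
"""

def audit_asa_ssh(config_text, mgmt_if="inside"):
    """Return findings for the SSH management lines of an ASA config.

    mgmt_if is an assumption: the only interface expected to accept SSH.
    """
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    findings, rules = [], []
    for line in lines:
        parts = line.split()
        # Access rule form used in the tutorial: ssh <network> <mask> <interface>
        if parts[0] == "ssh" and len(parts) == 4:
            try:
                net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
            except ValueError:
                continue  # some other ssh subcommand, not an address/mask pair
            rules.append((net, parts[3]))
    if not rules:
        findings.append("no ssh access rule: no host may connect")
    for net, ifname in rules:
        if net.prefixlen == 0:
            findings.append(f"ssh allowed from any address on {ifname}")
        if ifname != mgmt_if:
            findings.append(f"ssh allowed on unexpected interface {ifname}")
    if "ssh version 2" not in lines:
        findings.append("ssh version 2 not enforced")
    if "aaa authentication ssh console LOCAL" not in lines:
        findings.append("ssh logins not tied to the LOCAL user database")
    return findings

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_asa_ssh(cfg) or "OK")
```

An empty list means every check passed; each string in the list names one setting from this section that is missing or looser than configured here.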

4. Test Remote SSH

 

Start PuTTY, enter the management IP address of the firewall, and connect over SSH. The login should succeed.

5. Conclusion

 

You should now be able to SSH to your Cisco ASA firewall from your desk without connecting to the device's console. If you have any questions or suggestions, you can always leave a comment below. I will do my best to review and reply to them.
