Configuring SSH in Cisco ASA 5520

How can I configure SSH in Cisco ASA 5520?
ASKED: September 19, 2011  11:43 AM
UPDATED: March 31, 2012  4:04 PM

Answer Wiki


Hello,

I’m including the command line procedure here with the assumption that you are familiar with accessing and utilizing the command line in a Cisco device.

1. We first have to create an RSA key pair (this is an SSH prerequisite) by using the command:
<pre>hostname (config) # crypto key generate rsa modulus modulus_size </pre>
(*Note: Cisco recommends a modulus_size of 1024 to ensure a good level of security without too much overhead.)

2. We then have to save the RSA keys into the memory with the command:
<pre>hostname (config) # write mem</pre>

3. Next, we need to tell the ASA where the SSH requests will come from. This will be done using the command:
<pre>hostname (config) # ssh source_IP_address mask source_interface </pre>
(example: <pre>hostname (config) # ssh 16.3.2.54 255.255.255.0 inside</pre>)

4. The last step would be to set a session timer if it is desired. This step is not necessary, but to set a timer for the session, use the command:
<pre>hostname (config) # ssh timeout minutes</pre>
(example: <pre>hostname (config) # ssh timeout 30</pre> **this would allow a 30-minute window in which to connect via SSH)

An example of the entire thing is shown here:
<pre>R1 # conf t
R1 (config) # crypto key generate rsa modulus 1024
R1 (config) # write mem
R1 (config) # ssh 192.168.1.2 255.255.255.0 inside
R1 (config) # ssh timeout 30</pre>

In a nutshell, this would allow the local host with IP address 192.168.1.2 to connect via SSH for an increment of 30 minutes. If the address were changed to 192.168.1.0, any local host on the network would be able to connect via SSH.

Hope This Helps!

Paul,
NetLock IT Systems
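
An added example, not part of the original answer: a small Python check that reads `ssh` allow-list, `ssh timeout` and RSA key commands in the form shown above and reports the source range each address/mask pair covers, using ordinary netmask arithmetic. The function name `audit`, the sample lines and the 2048-bit floor are assumptions made for this example.

```python
import ipaddress
import re

# Constructed input: commands in the form the answer shows, prompts removed.
SAMPLE = """\
crypto key generate rsa modulus 1024
ssh 192.168.1.2 255.255.255.0 inside
ssh 192.168.1.2 255.255.255.255 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
"""

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the page

ALLOW = re.compile(r"ssh\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)")
TIMEOUT = re.compile(r"ssh\s+timeout\s+(\d+)")
RSA = re.compile(r"crypto\s+key\s+generate\s+rsa\s+modulus\s+(\d+)")


def audit(config):
    """Return one finding dict per recognised command line."""
    findings = []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ALLOW.fullmatch(line):
            addr, mask, iface = m.groups()
            try:
                # strict=False keeps host bits from raising; the mask decides the range.
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                findings.append({"kind": "allow", "line": line, "notes": ["invalid address or mask"]})
                continue
            notes = []
            if str(net.network_address) != addr:
                notes.append("mask covers more than the typed address")
            if net.prefixlen == 0:
                notes.append("any source address matches")
            findings.append({"kind": "allow", "line": line, "interface": iface,
                             "network": str(net), "addresses": net.num_addresses, "notes": notes})
        elif m := TIMEOUT.fullmatch(line):
            findings.append({"kind": "timeout", "line": line, "minutes": int(m.group(1))})
        elif m := RSA.fullmatch(line):
            bits = int(m.group(1))
            findings.append({"kind": "rsa", "line": line, "bits": bits, "below_floor": bits < MIN_RSA_BITS})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```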
