I’m including the command line procedure here with the assumption that you are familiar with accessing and utilizing the command line in a Cisco device.
1. We first have to create an RSA key pair (this is an SSH prerequisite) by using the command:
<pre>hostname (config) # crypto key generate rsa modulus modulus_size </pre>
(Note: Cisco recommends a modulus_size of 1024 to ensure a good level of security without too much overhead.)
2. We then have to save the RSA keys into the memory with the command:
<pre>hostname (config) # write mem</pre>
3. Next, we need to tell the ASA where the SSH requests will come from. This is done using the command:
<pre>hostname (config) # ssh source_IP_address mask source_interface </pre>
(example: <pre>hostname (config) # ssh 220.127.116.11 255.255.255.0 inside</pre>)
4. The last step is to set a session timer, if desired. This step is not necessary, but to set a timer for the session, use the command:
<pre>hostname (config) # ssh timeout minutes</pre>
(example: <pre>hostname (config) # ssh timeout 30</pre> This would allow a 30 minute window in which to connect via SSH.)
An example of the entire thing is shown here:
<pre>R1 # conf t
R1 (config) # crypto key generate rsa modulus 1024
R1 (config) # write mem
R1 (config) # ssh 192.168.1.2 255.255.255.0 inside
R1 (config) # ssh timeout 30</pre>
In a nutshell, this would allow the local host with IP address 192.168.1.2 to connect via SSH for an increment of 30 minutes. If the address were changed to 192.168.1.0, any local host on the network would be able to connect via SSH.
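As an added example (not part of the original post), the Python check below reads `ssh <address> <mask> <interface>` lines and reports the range each one covers when the mask is applied as a standard subnet mask. The function name `audit_ssh_sources` and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the first and last lines come from the listing above,
# the other two are made up for comparison.
SAMPLE_CONFIG = """\
R1 (config) # ssh 192.168.1.2 255.255.255.0 inside
ssh 192.168.1.2 255.255.255.255 inside
ssh 0.0.0.0 0.0.0.0 outside
R1 (config) # ssh timeout 30
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Matches `ssh <address> <mask> <interface>`, with or without a CLI prompt.
SSH_SOURCE = re.compile(rf"(?:^|#)\s*ssh\s+{IPV4}\s+{IPV4}\s+(\S+)\s*$")


def audit_ssh_sources(config_text):
    """Return one finding per SSH source line: effective network and notes."""
    findings = []
    for line in config_text.splitlines():
        match = SSH_SOURCE.search(line)
        if not match:
            continue  # e.g. `ssh timeout 30` is not a source rule
        address, mask, interface = match.groups()
        try:
            # strict=False clears host bits instead of raising ValueError
            network = ipaddress.ip_network(f"{address}/{mask}", strict=False)
        except ValueError:
            findings.append({"interface": interface, "network": None,
                             "addresses": 0, "notes": ["invalid address or mask"]})
            continue
        notes = []
        if str(network.network_address) != address:
            notes.append("host bits set under mask")
        if network.prefixlen == 0:
            notes.append("any source address")
        findings.append({"interface": interface, "network": str(network),
                         "addresses": network.num_addresses, "notes": notes})
    return findings


if __name__ == "__main__":
    for finding in audit_ssh_sources(SAMPLE_CONFIG):
        print(finding)
```

Read this way, the `ssh 192.168.1.2 255.255.255.0 inside` line covers 192.168.1.0/24 (256 addresses), while a mask of 255.255.255.255 limits the entry to a single address.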
Hope This Helps!
NetLock IT Systems