Re: [c-nsp] ASA ssh difficulties

Tue, 14 Jul 2009 11:41:18 -0700 

Nick nailed it, thanks. :)  The tech that built this firewall missed this line:
aaa authentication ssh console LOCAL 


Network Engineer, JNCIS-M
> 214-981-1954 (office) 
> 214-642-4075 (cell)
> jbrash...@hq.speakeasy.net 
http://www.speakeasy.net
-----Original Message-----
From: Nick Griffin [mailto:nick.jon.grif...@gmail.com] 
Sent: Tuesday, July 14, 2009 9:16 AM
To: Jonathan Brashear
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA ssh difficulties

Make sure ssh is setup for location authentication and possibly regenerate your 
ssh keys:

this is what I usually do:


crypto key generate rsa general modul 2048

aaa authentication telnet console LOCAL

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

aaa authentication serial console LOCAL






Nick Griffin, CCIE #17381 
Systems Consultant Alexander Open Systems
Direct 479.899.6830 ext 2609 
AOS Scheduling - 417.888.2675

On Tue, Jul 14, 2009 at 9:05 AM, Jonathan Brashear 
<jonathan.brash...@hq.speakeasy.net> wrote:


        I'm a bit stumped on an issue I'm having with a particular 5505.  
Originally it was inaccessible via ASDM or SSH, but after a reboot it began to 
allow access via ASDM.  However, SSH is still not working.  I've verified that 
the username/pass is correct(it works through the ASDM) and that SSH access is 
allowed from the relevant IP range(I get to a password prompt), but it refuses 
to accept known good passwords from multiple accounts.  It thinks the password 
is bad, but only when done via SSH.  I haven't run into this issue with other 
ASAs that are configured identically and I can login to the other ASAs from the 
same terminal window so it shouldn't be something to do with my terminal 
emulation.  Any thoughts on why this may be happening?
        
        Network Engineer, JNCIS-M
        > 214-981-1954 (office)
        > 214-642-4075 (cell)
        > jbrash...@hq.speakeasy.net
        http://www.speakeasy.net
        _______________________________________________
        cisco-nsp mailing list  cisco-nsp@puck.nether.net
        https://puck.nether.net/mailman/listinfo/cisco-nsp
        archive at http://puck.nether.net/pipermail/cisco-nsp/
        


_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to