http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/commands.htm#xtocid223366

ssh
Specify a host for PIX Firewall console access via Secure Shell (SSH).
(Configuration mode.)

ssh disconnect session_id

no ssh disconnect session_id

ssh ip_address [netmask] [interface_name]

no ssh ip_address [netmask] [interface_name]

ssh timeout mm

no timeout mm

show ssh [sessions [ip_address]]

show ssh timeout

clear ssh


Syntax Description

ip_address
 IP address of the host or network authorized to initiate an SSH connection
to the PIX Firewall.

netmask
 Network mask for ip_address. If you do not specify a netmask, the default
is 255.255.255.255 regardless of the class of ip_address.

interface_name
 PIX Firewall interface name on which the host or network initiating the SSH
connection resides.

mm
 The duration in minutes that a session can be idle before being
disconnected. The default duration is 5 minutes. The allowable range is from
1 to 60 minutes.

session_id
 SSH session ID number available from the show ssh sessions command.






Usage Guidelines



The ssh ip_address command specifies the host or network authorized to
initiate an SSH connection to the PIX Firewall. The ssh timeout command lets
you specify the duration in minutes that a session can be idle before being
disconnected. The default duration is 5 minutes. Use the show ssh sessions
command to list all active SSH sessions on the PIX Firewall. The ssh
disconnect command lets you disconnect a specific session you observed from
the show ssh sessions command. Use the clear ssh command to remove all ssh
command statements from the configuration. Use the no ssh command to remove
selected ssh command statements from the configuration.


----------------------------------------------------------------------------
 Note   You must generate an RSA key-pair for the PIX Firewall before
clients can connect to the PIX Firewall console. To use SSH, your PIX
Firewall must have a DES or 3DES activation key.
----------------------------------------------------------------------------

To gain access to the PIX Firewall console via SSH, at the SSH client, enter
the username as pix and enter the Telnet password. You can set the Telnet
password with the passwd command; the default Telnet password is cisco. To
authenticate using AAA server instead, configure the aaa authenticate ssh
console command.

SSH permits up to 100 characters in a username and up to 50 characters in a
password.

When starting an SSH session, a dot (.) displays on the PIX Firewall console
before the SSH user authentication prompt appears.

The dot appears as follows:

pixfirewall(config)# .
pixfirewall(config)# .


The display of the dot does not affect the functionality of SSH. The dot
appears at the console when generating a server key or decrypting a
message using private keys during SSH key exchange, before user
authentication occurs. These tasks can take up to two minutes or longer. The
dot is a progress indicator that verifies that the PIX Firewall is busy and
has not hung.

show ssh sessions Command




----- Original Message -----
From: "Rizzo Damian" 
To: 
Sent: Wednesday, June 20, 2001 12:23 PM
Subject: Telneting to the Outside Interface of a PIX [7:9218]


> It was always my understanding that you could Not telnet to the outside
> interface of a PIX firewall. I hear today that it is in
> fact possible. Is that true?
>
>  Thanks,
>
>    -D




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9232&t=9218
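
As an added example (not part of the post or of Cisco's documentation), the following Python sketch audits the ssh statements of a PIX configuration, applying the netmask default and the timeout default and range given in the quoted syntax description. The sample configuration is constructed, and the `untrusted` interface list and `max_hosts` threshold are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample PIX configuration lines (not taken from the post).
SAMPLE_CONFIG = """\
ssh 192.0.2.10 inside
ssh 10.1.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 90
"""

DEFAULT_MASK = "255.255.255.255"   # applied when no netmask is given
DEFAULT_TIMEOUT = 5                # minutes, when no "ssh timeout" is present
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_ssh(config):
    """Return (rules, timeout) from the ssh statements in a config."""
    rules, timeout = [], DEFAULT_TIMEOUT
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "ssh":
            continue
        if tok[1] == "timeout" and len(tok) == 3 and tok[2].isdigit():
            timeout = int(tok[2])
        elif IP_RE.match(tok[1]):
            rest = tok[2:]
            mask = rest.pop(0) if rest and IP_RE.match(rest[0]) else DEFAULT_MASK
            iface = rest[0] if rest else None   # None: not named on the line
            net = ipaddress.ip_network(f"{tok[1]}/{mask}", strict=False)
            rules.append((net, iface))
    return rules, timeout

def audit(config, untrusted=("outside",), max_hosts=256):
    """List findings; 'untrusted' and 'max_hosts' are assumed policy values."""
    rules, timeout = parse_ssh(config)
    findings = []
    for net, iface in rules:
        if net.num_addresses > max_hosts:
            findings.append(f"{net} on {iface}: source range wider than {max_hosts} addresses")
        if iface in untrusted:
            findings.append(f"{net} on {iface}: SSH permitted from an untrusted interface")
    if not 1 <= timeout <= 60:
        findings.append(f"ssh timeout {timeout}: outside the 1 to 60 minute range")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns three findings: two for the `0.0.0.0 0.0.0.0 outside` statement and one for the out-of-range timeout.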