RE: must I have aaa server to configure SSH on PIX? [7:62008]
Configure the aaa, but use local login. You do need the aaa configuration for SSH to work. Doug -Original Message- From: Richard Campbell [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 12:07 AM To: [EMAIL PROTECTED] Subject: must I have aaa server to configure SSH on PIX? [7:62008] Hi.. I want to configure SSH on PIX 515 which has DES enabled. I saw the configuration as follows. But the problem is I don't have the aaa server in my network? Can I still implement SSH without aaa server. I configured it without the aaa command line, but it doesn't works. How should I do? Thanks a lot..!! pix#conf t pix(config)# pix(config)#domain domain_name pix(config)#ca generate rsa key 1024 pix(config)# ca save all pix(config)# ssh ip_address subnet_mask interface pix(config)# aaa-server RadiusServer_name (inside) host ip_address MySecure --aaa pix(config)# aaa-server RadiusServer_name protocol radius ---aaa pix(config)# aaa authenticate ssh console RadiusServer_name ---aaa Pix(config)# exit _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62017t=62008 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: must I have aaa server to configure SSH on PIX? [7:62008]
Do this on the Pix, in configuration mode: hostname domain ca zeroize rsa ca generate rsa key 1024 ca save all ssh 209.100.11.0 255.255.255.0 outside ssh 0.0.0.0 0.0.0.0 inside passwd enable password write mem Now when you SSH into the Pix, SSH version 1 only, the username will be pix and the password will be the password in the passwd . If use ssh from a linux machine, make sure you do this: ssh -c des -l pix Enjoy Richard Campbell wrote:Hi.. I want to configure SSH on PIX 515 which has DES enabled. I saw the configuration as follows. But the problem is I don't have the aaa server in my network? Can I still implement SSH without aaa server. I configured it without the aaa command line, but it doesn't works. How should I do? Thanks a lot..!! pix#conf t pix(config)# pix(config)#domain domain_name pix(config)#ca generate rsa key 1024 pix(config)# ca save all pix(config)# ssh ip_address subnet_mask interface pix(config)# aaa-server RadiusServer_name (inside) host ip_address MySecure --aaa pix(config)# aaa-server RadiusServer_name protocol radius ---aaa pix(config)# aaa authenticate ssh console RadiusServer_name ---aaa Pix(config)# exit _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62032t=62008 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
must I have aaa server to configure SSH on PIX? [7:62008]
Hi.. I want to configure SSH on PIX 515 which has DES enabled. I saw the configuration as follows. But the problem is I don't have the aaa server in my network? Can I still implement SSH without aaa server. I configured it without the aaa command line, but it doesn't works. How should I do? Thanks a lot..!! pix#conf t pix(config)# pix(config)#domain domain_name pix(config)#ca generate rsa key 1024 pix(config)# ca save all pix(config)# ssh ip_address subnet_mask interface pix(config)# aaa-server RadiusServer_name (inside) host ip_address MySecure --aaa pix(config)# aaa-server RadiusServer_name protocol radius ---aaa pix(config)# aaa authenticate ssh console RadiusServer_name ---aaa Pix(config)# exit _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62008t=62008 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]