Update: Securing Cisco ASA SSH server
Enabling SSH has been covered here, but that post only talked about routers and switches. How about the Cisco ASA? Today, I had to learn how to do it using the CLI and not ASDM, since I couldn’t find the ASDM equivalent of aaa authentication ssh console LOCAL and crypto key gen rsa mod 4096. Since I am really new to the Cisco ASA, I am not well-versed in issuing commands under the CLI. If you are in a similar situation, I suggest buying this book. Having said that, I’ve always used ASDM when checking out rules, NATs, etc., but I can understand some of the CLI config. Without further ado, here’s how to enable SSH on a Cisco ASA.
ASA-5505# conf t
ASA-5505(config)# enable password password_here
ASA-5505(config)# username user_here password password_here privilege 15
! Type the passwords in clear text. The ASA hashes them and shows them in "show running-config"
! with the "encrypted" keyword; that keyword is only for pasting back an already-hashed value.
ASA-5505(config)# aaa authentication ssh console LOCAL
ASA-5505(config)# ssh 192.168.0.10 255.255.255.255 inside
! A single host needs the 255.255.255.255 mask; use 192.168.0.0 255.255.255.0 to allow the whole subnet.
! Obviously, you can add/change the IPs that you want to allow SSH from.
ASA-5505(config)# domain-name networkjutsu.com
ASA-5505(config)# crypto key gen rsa mod 4096
ASA-5505(config)# ssh version 2
ASA-5505(config)# ssh key-exchange group dh-group14-sha1
As you know, it is a good idea to enable SSH and disable Telnet. Since the ASA enables neither SSH nor Telnet by default, you have less to worry about; but if you have to choose between them, of course pick SSH.
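To check that an ASA still carries the settings configured above, and that Telnet was not left on, here is an added audit script (not from the original post or from Cisco) that reads the SSH-related lines of a saved show running-config. The sample config is constructed and deliberately contains two deviations.

```python
"""Audit the SSH-related lines of an ASA running-config against the settings configured above."""
import ipaddress
import re

# Constructed sample of `show running-config` output (not from a real device);
# it includes two deliberate deviations from the post's baseline.
SAMPLE_CONFIG = """\
hostname ASA-5505
domain-name networkjutsu.com
aaa authentication ssh console LOCAL
ssh 192.168.0.10 255.255.255.255 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh version 2
ssh key-exchange group dh-group14-sha1
telnet timeout 5
telnet 192.168.0.0 255.255.255.0 inside
"""

# `ssh <address> <mask> <interface>` and `telnet <address> <mask> <interface>` access lines.
SSH_ACCESS_RE = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
TELNET_ACCESS_RE = re.compile(r"^telnet \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+ \S+$")


def audit_asa_ssh(config: str) -> list[str]:
    """Return one finding per deviation from the post's SSH baseline (empty list = compliant)."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    if "aaa authentication ssh console LOCAL" not in lines:
        findings.append("SSH is not authenticated against the LOCAL user database")
    if "ssh version 2" not in lines:
        findings.append("SSH version is not restricted to 2")
    if not any(ln.startswith("ssh key-exchange group dh-group14") for ln in lines):
        findings.append("SSH key exchange is not set to dh-group14")
    access = [m.groups() for m in map(SSH_ACCESS_RE.match, lines) if m]
    if not access:
        findings.append("no 'ssh <address> <mask> <interface>' line: no host can reach SSH")
    for addr, mask, iface in access:
        if mask == "0.0.0.0":
            findings.append(f"SSH accepted from any source on interface {iface}")
            continue
        try:  # strict=True rejects an address whose host bits fall outside the mask
            ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)
        except ValueError:
            findings.append(f"address/mask mismatch in 'ssh {addr} {mask} {iface}'")
    if any(TELNET_ACCESS_RE.match(ln) for ln in lines):
        findings.append("Telnet access is still permitted; keep SSH only")
    return findings


if __name__ == "__main__":
    for finding in audit_asa_ssh(SAMPLE_CONFIG) or ["config matches the baseline"]:
        print("-", finding)
```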
I hope this has been helpful and thank you for reading!
Want to learn more about ASA?
Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services (3rd Edition)
Cisco ASA for Accidental Administrators: An Illustrated Step-by-Step ASA Learning and Configuration Guide