
Setting Up SSH and Local Authentication on Cisco ASA


By: Stephanie Hamrick


Here’s how to set up SSH on a new ASA out of the box, and how to set up local authentication for it.

Step 1: Configure aaa to use local database for ssh and console

ciscoasa# aaa authentication ssh console LOCAL

***NOTE*** aaa = authentication (permitting access), authorization (specifying which commands a user may run once access is granted), and accounting (tracking what users do after logging in and generating usage reports, e.g. for billing)
LOCAL = the local user database on the ASA

Step 2: Create admin username with privilege 15 (username, P@ssw0rd)

ciscoasa# username username password P@ssw0rd priv 15

***NOTE*** priv 15 = the top privilege level (full superuser); lower levels can be given access to different subsets of commands

Step 3: Turn on password for enable

ciscoasa# aaa authentication enable console LOCAL

***NOTE*** forces a password prompt when entering enable mode

Step 4: Turn on serial console authentication

ciscoasa# aaa authentication serial console LOCAL

***NOTE*** turns on username/password authentication for serial console access

Step 5: Save the changes so far

ciscoasa# write mem

Step 6: Log out of the console and verify access

ciscoasa(config)# end
ciscoasa# exit
Logoff
Username: username
Password: ********

Step 7: Generate ssh key pair

ciscoasa# crypto key generate rsa modulus 4096
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait…
ciscoasa(config)#

***NOTE*** SSH is an encrypted protocol; the ASA uses RSA to generate a public/private key pair
4096 = RSA modulus (key) size in bits
rsa = key algorithm

Step 8: Allow access to the inside interface

ciscoasa# ssh 0.0.0.0 0.0.0.0 inside

***NOTE*** enables SSH access on the inside interface from any IPv4 source address (0.0.0.0 0.0.0.0 = any host, any mask)

Step 9: Force ssh version 2

ciscoasa# ssh version 2

Step 10: Add timeout of 15 min to ssh

ciscoasa# ssh timeout 15

Step 11: Verify login with ssh through 192.168.1.1 in putty

login as: username
username@192.168.1.1’s password:
User peiadmin logged in to ciscoasa
Logins over the last 1 days: 2.  Last login: 16:47:06 UTC Aug 2 2018 from console
Failed logins since the last login: 0.
Type help or ‘?’ for a list of available commands.
ciscoasa> en
Password: ********
ciscoasa#
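Once the configuration is saved, it is worth checking the running config against the steps above rather than trusting memory, in particular Step 8, which opens SSH to any IPv4 source. The following Python script is an added example, not part of the original post: it audits a pasted "show running-config" for the aaa/ssh lines this procedure sets and flags an SSH source of 0.0.0.0 0.0.0.0. The sample configuration embedded in it is constructed to match the steps above, with a placeholder in place of the password hash; the 5-minute default timeout it mentions is the ASA default when "ssh timeout" is not configured.

```python
import re
from ipaddress import IPv4Network

# Constructed sample of "show running-config" output after Steps 1 to 10
# above (not captured from a real device; password hash is a placeholder).
SAMPLE_CONFIG = """\
hostname ciscoasa
username username password <hash-placeholder> privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
ssh 0.0.0.0 0.0.0.0 inside
ssh version 2
ssh timeout 15
"""

# Lines the procedure above expects to be present verbatim.
REQUIRED_LINES = (
    "aaa authentication ssh console LOCAL",
    "aaa authentication enable console LOCAL",
    "aaa authentication serial console LOCAL",
    "ssh version 2",
)

# "ssh <address> <netmask> <interface>" and "ssh timeout <minutes>"
SSH_SOURCE_RE = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
SSH_TIMEOUT_RE = re.compile(r"^ssh timeout (\d+)$")


def audit_asa_ssh(config_text, max_timeout_minutes=15):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    present = set(lines)
    findings = []

    # Steps 1, 3, 4 and 9: local auth for ssh/enable/serial, SSH version 2.
    for required in REQUIRED_LINES:
        if required not in present:
            findings.append(f"missing: {required}")

    timeout = None
    sources = []
    for ln in lines:
        m = SSH_TIMEOUT_RE.match(ln)
        if m:
            timeout = int(m.group(1))
            continue
        m = SSH_SOURCE_RE.match(ln)
        if m:
            # strict=False so a host entry such as "10.0.0.5 255.255.255.255"
            # parses as well as a subnet entry.
            net = IPv4Network((m.group(1), m.group(2)), strict=False)
            sources.append((net, m.group(3)))

    # Step 10: idle timeout. The ASA default when unset is 5 minutes.
    if timeout is None:
        findings.append("ssh timeout not set (ASA default is 5 minutes)")
    elif timeout > max_timeout_minutes:
        findings.append(f"ssh timeout {timeout} exceeds {max_timeout_minutes} minutes")

    # Step 8: at least one permitted source, and flag "any" (prefix length 0).
    if not sources:
        findings.append("no ssh source permitted on any interface")
    for net, iface in sources:
        if net.prefixlen == 0:
            findings.append(f"ssh permitted from any IPv4 address on {iface}")

    return findings


if __name__ == "__main__":
    for finding in audit_asa_ssh(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```

Run against the sample, the only finding is the any-source SSH rule from Step 8; replacing that line with a management subnet such as "ssh 192.168.1.0 255.255.255.0 inside" makes the audit come back clean. Paste the real "show running-config" output into SAMPLE_CONFIG (or read it from a file) to check a device you manage.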
Alison Wallick, PEI
