Tuesday 9 February 2016

Setting up SSH on the Cisco ASA

We should first ensure AAA is set up on the ASA by creating a server group:

aaa-server myTACASServers protocol tacacs+

(and add the relevant AAA servers)

Instruct the ASA to have SSH authentication performed by the server group:

aaa authentication ssh console myTACASServers LOCAL

* The 'LOCAL' keyword allows the authentication mechanism to fall back to local users on the device if no AAA servers are available. *

We should now create a local account as a backup:

username cisco password myStr0ngP@55w0rd! privilege 15
username cisco attributes
 service-type nas-prompt
aaa authorization exec authentication-server

Create an RSA key pair and set the SSH version:

crypto key gen rsa modulus 768

ssh version 2

Finally, set up access control, here allowing SSH only from 10.0.0.0/24 on the management interface:

ssh 10.0.0.0 255.255.255.0 management
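
As an added example (not part of the original post, and not Cisco tooling), the short Python check below audits the SSH-related lines of a saved ASA configuration against the steps above. The function name, finding labels and the 2048-bit minimum modulus are assumptions made for this example; the sample config is constructed from the commands in this post, with the password replaced.

```python
import re

# Constructed sample: the commands from the walkthrough above (password replaced).
SAMPLE_CONFIG = """\
aaa-server myTACASServers protocol tacacs+
aaa authentication ssh console myTACASServers LOCAL
username cisco password PLACEHOLDER privilege 15
crypto key gen rsa modulus 768
ssh version 2
ssh 10.0.0.0 255.255.255.0 management
"""

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the post
IP = r"\d+\.\d+\.\d+\.\d+"


def audit_ssh_config(text, min_bits=MIN_RSA_BITS):
    """Return sorted finding labels for the SSH-related lines of an ASA config."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = set()

    # AAA: the server group must exist, and LOCAL fallback needs a local user.
    groups = {ln.split()[1] for ln in lines if re.match(r"aaa-server \S+ protocol ", ln)}
    auth = [ln.split()[4:] for ln in lines
            if ln.startswith("aaa authentication ssh console ")]
    if not auth:
        findings.add("no-ssh-authentication-line")
    for methods in auth:
        remote = [m for m in methods if m != "LOCAL"]
        if any(g not in groups for g in remote):
            findings.add("undefined-aaa-group")
        if remote and "LOCAL" not in methods:
            findings.add("no-local-fallback")
        if "LOCAL" in methods and not any(ln.startswith("username ") for ln in lines):
            findings.add("local-fallback-without-user")

    # 'gen' is accepted as an abbreviation of 'generate', so match both forms.
    for ln in lines:
        m = re.match(r"crypto key gen\w* rsa .*modulus (\d+)", ln)
        if m and int(m.group(1)) < min_bits:
            findings.add(f"weak-rsa-modulus:{m.group(1)}")
    if "ssh version 2" not in lines:
        findings.add("ssh-version-2-not-set")

    # Access control: at least one 'ssh <ip> <mask> <interface>' rule, none open to any.
    rules = [r for ln in lines if (r := re.fullmatch(rf"ssh ({IP}) ({IP}) (\S+)", ln))]
    if not rules:
        findings.add("no-ssh-access-rule")
    for r in rules:
        if r.group(2) == "0.0.0.0":
            findings.add(f"ssh-open-to-any:{r.group(3)}")
    return sorted(findings)
```

Run against the commands in this post, the only finding is the 768-bit RSA modulus, which falls below the assumed 2048-bit floor.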
