Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology

Accessing Cisco ASA using SSH

Posted by Aaron Paxson on March 4, 2008

So, I purchased a Cisco ASA 5505 to build a VPN tunnel from a remote office to my main office. Really simple to do when you are using Easy VPN. Anyway, I wanted to turn on SSH. So, I enabled SSH on the ASA, and tried to access it:

 

[apaxson@netutil ~]$ ssh -l username 1.2.3.4
ssh_exchange_identification: Connection closed by remote host 

 

Hmmmm….. let’s do a debug, and see what happens:

 

asa# debug ssh
Device ssh opened successfully.
SSH0: SSH client: IP = '1.2.3.10' interface # = 1
SSH: unable to retrieve default host public key. Please create a defauth RSA key pair before using SSH
SSH0: Session disconnected by SSH server - error 0x00 "Internal error"

 

Ahhhh….. we have to create a default RSA key pair. Let’s do that.

 

asa(config)# ca generate rsa key 1024
WARNING: the 'ca' command syntax has been deprecated
Please use the 'crypto key generate' command.

 

Okaaaay…… looks like we have to change our ways again.

 

asa(config)# crypto key generate rsa

INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait...
asa(config)#

 

Okay, so far so good. Let’s try to connect again:

 

[apaxson@netutil ~]$ ssh -l username 1.2.3.4
RSA key fingerprint is 9b:99:12:45:6f:7a:bb:37:f4:25:19:1d:d9:0d:62:24.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts.

 

Outstanding!
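
The first-connection prompt above shows an MD5 fingerprint for the newly generated host key, and that fingerprint can be checked against the key the ASA itself holds before answering yes. The following is an added example, not part of the original post: it assumes the "Key Data" hex printed on the console by "show crypto key mypubkey rsa" is a DER SubjectPublicKeyInfo, and the sample key is a constructed 64-bit toy value. The first value returned by fingerprints() is in the colon-separated format the SSH client printed; the second is the SHA256 form newer clients show.

```python
import base64
import hashlib
import struct

# Constructed sample, NOT a real key: a 64-bit toy modulus laid out the way the
# "Key Data" hex is assumed to appear (DER SubjectPublicKeyInfo, spaced groups).
SAMPLE_KEY_DATA = """
  3024300d 06092a86 4886f70d 01010105 00031300 30100209 00c3a1b2 d4e5f607
  89020301 0001
"""

def der_read(buf, pos):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_from_spki(der):
    """Return (n, e) from a DER SubjectPublicKeyInfo that wraps an RSA key."""
    tag, spki, _ = der_read(der, 0)            # outer SEQUENCE
    _, _, pos = der_read(spki, 0)              # AlgorithmIdentifier (skipped)
    bit_tag, bits, _ = der_read(spki, pos)     # BIT STRING holding RSAPublicKey
    if tag != 0x30 or bit_tag != 0x03 or bits[0] != 0:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, rsa_key, _ = der_read(bits, 1)          # skip the unused-bits octet
    _, n, pos = der_read(rsa_key, 0)
    _, e, _ = der_read(rsa_key, pos)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def ssh_rsa_blob(n, e):
    """Encode the key as the SSH wire blob that clients hash for fingerprints."""
    def field(raw):
        return struct.pack(">I", len(raw)) + raw
    def mpint(x):  # sized so the top bit is never set (SSH mpints are signed)
        return field(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    return field(b"ssh-rsa") + mpint(e) + mpint(n)

def fingerprints(key_data_hex):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints for console key hex."""
    blob = ssh_rsa_blob(*rsa_from_spki(bytes.fromhex(key_data_hex)))
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha
```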
