Cisco
Posted: Wed 26 Aug, 2009 14:10
To configure a Cisco PIX Firewall to support SSH, enter the following commands:

Code:
hostname myfirewall
domain-name mydomain.mytld
ca gen rsa key 1024
ssh 172.18.124.114 255.255.255.255 inside
ssh timeout 60
passwd YourPasswordGoesHere
ca save all

This configuration allows SSH from the 172.18.124.114 address on the inside interface. Change this address to something that makes sense for your network. If desired, you can use this line to allow access from any address on the outside interface:

Code:
ssh 0.0.0.0 0.0.0.0 outside

The “ca save all” is important. This command saves the RSA keys.

How do I connect? First, get an SSH client. PuTTY is a popular one for Microsoft Windows, and SSH clients are packaged with most Linux distributions.

For Linux, the command line (for a PIX at IP address 1.1.1.1) is:

Code:
ssh -1 -c des pix@1.1.1.1

For Solaris (from Cisco’s website):

Code:
./ssh -c 3des -1 pix -v
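
To review which sources a configuration like the one above lets reach the SSH service, the following Python script parses the `ssh <address> <mask> <interface>` and `ssh timeout` lines and reports permits that cover a wide address range. It is an added example, not part of the original post and not Cisco code; the function names, the 256-address threshold, the severity labels and the choice of "inside" as the only trusted interface are assumptions.

```python
import ipaddress
import re

# Constructed sample: the SSH-related lines from the post, combined in one config.
SAMPLE_CONFIG = """\
hostname myfirewall
domain-name mydomain.mytld
ssh 172.18.124.114 255.255.255.255 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
SSH_PERMIT = re.compile(rf"^ssh\s+{IPV4}\s+{IPV4}\s+(\S+)$")
SSH_TIMEOUT = re.compile(r"^ssh\s+timeout\s+(\d+)$")


def parse_ssh_lines(config_text):
    """Return ([(network, interface), ...], timeout_minutes or None)."""
    permits, timeout = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = SSH_PERMIT.match(line)
        if m:
            addr, mask, interface = m.groups()
            # Dotted mask -> prefix length (the mask is assumed to be contiguous).
            prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            permits.append((net, interface))
            continue
        m = SSH_TIMEOUT.match(line)
        if m:
            timeout = int(m.group(1))
    return permits, timeout


def audit_ssh_access(config_text, trusted_interfaces=("inside",), max_hosts=256):
    """Flag permits wider than max_hosts addresses (assumed review threshold).

    Severity is "high" on an interface outside trusted_interfaces, else "medium".
    """
    permits, _ = parse_ssh_lines(config_text)
    findings = []
    for net, interface in permits:
        if net.num_addresses > max_hosts:
            severity = "medium" if interface in trusted_interfaces else "high"
            findings.append((str(net), interface, severity))
    return findings
```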