ssh

Cisco ASA – Enable SSH

If you have tried to set up SSH access on a new ASA, it might not have worked the way you wanted. That is because the RSA keys need to be generated first. To do that:

From configure terminal:

fw01/act(config)# crypto key generate rsa
INFO: The name for the keys will be:

Keypair generation process begin. Please wait…

And then configure which source addresses may connect over SSH, and on which interface (outside in this example):

fw01/act(config)# ssh (insert your ip) (insert your netmask) outside

Now you can configure AAA and set up your own username.

First, a username needs to be created:

fw01/act(config)# username leonardo password mypassword privilege 15

And then configure AAA:

fw01/act(config)# aaa authentication ssh console LOCAL

Sorry, I don’t know anything about your “xterm-color” terminal.

Today, during a series of commands with a very specific purpose, Solaris spoke to me like this:

Sorry, I don’t know anything about your “xterm-color” terminal.

The general puzzlement led me to run this command:

bash-3.00#  export TERM=vt100

But an “ansi” terminal would most likely have been better.

Cisco – SSH

Here is how to enable SSH on Cisco devices running IOS.

Step one: configure a domain name and generate the RSA keys. To increase security, I recommend using at least a 768-bit key, which allows the use of SSH v2.

route_01_no#conf t
Enter configuration commands, one per line. End with CNTL/Z.
route_01_no(config)#ip domain-name stars.deepreflect.net
route_01_no(config)#cry key generate rsa

The name for the keys will be: route_01_no.stars.deepreflect.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys, keys will be non-exportable…[OK]

Step two: enable the SSH v2 protocol and allow access on the vty lines:

route_01_no(config)#ip ssh version 2
route_01_no(config)#line vty 0 4
route_01_no(config-line)# transport input telnet ssh
route_01_no(config-line)#
route_01_no(config)#end
route_01_no#
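
An added example, not code from the original posts: a small Python check that reads a saved running-config excerpt and flags the SSH settings covered above (telnet still accepted on the vty lines, ip ssh version 2 missing, ASA ssh permit lines with a wide source network, SSH permitted without aaa authentication ssh console). The sample excerpts, the audit function name and the /24 threshold are assumptions made for illustration.

```python
import ipaddress
import re

# ASA permit lines only: "ssh <address> <netmask> <interface>"
# (does not match "ssh version 2" or "ssh timeout 5").
ASA_SSH = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

# Constructed sample excerpts, not taken from a real device.
IOS_SAMPLE = """\
ip domain-name example.net
ip ssh version 2
line vty 0 4
 transport input telnet ssh
"""
ASA_SAMPLE = """\
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.0.2.0 255.255.255.0 inside
"""

def audit(config, min_prefix=24):
    """Return findings for an IOS or ASA running-config excerpt.

    min_prefix is an assumed local policy: the widest source network
    tolerated in an ASA ssh permit line.
    """
    findings = []
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    vty = None        # header of the "line vty" block being read, if any
    asa_ssh = False   # True once an ASA ssh permit line has been seen
    for line in lines:
        if not line.startswith(" "):
            vty = line if line.startswith("line vty") else None
        elif vty and line.split()[:2] == ["transport", "input"]:
            if set(line.split()[2:]) & {"telnet", "all"}:
                findings.append(f"{vty}: cleartext telnet still accepted")
        m = ASA_SSH.match(line)
        if m:
            asa_ssh = True
            addr, mask, ifname = m.groups()
            # Prefix length = number of set bits in the dotted netmask.
            prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
            if prefix < min_prefix:
                findings.append(f"ssh on {ifname}: source {addr}/{prefix} wider than /{min_prefix}")
    if any(l.startswith("line vty") for l in lines) and "ip ssh version 2" not in lines:
        findings.append("ip ssh version 2 not set")
    if asa_ssh and not any(l.startswith("aaa authentication ssh console") for l in lines):
        findings.append("ssh permitted without aaa authentication ssh console")
    return findings
```

Calling audit(IOS_SAMPLE) reports the vty block that still accepts telnet; audit(ASA_SAMPLE) reports the any-source permit on outside and the missing AAA line.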