Using an SSH Client; Allowing HTTPS Access for ASDM - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 40
Managing System Access
hostname(config)# ssh source_IP_address mask source_interface
The security appliance accepts SSH connections from all interfaces, including the one with the lowest
security level.
Step 4
(Optional) To set the duration for how long an SSH session can be idle before the security appliance
disconnects the session, enter the following command:
hostname(config)# ssh timeout minutes
Set the timeout from 1 to 60 minutes. The default is 5 minutes. The default duration is too short in most
cases and should be increased until all pre-production testing and troubleshooting has been completed.
For example, to generate RSA keys and let a host on the inside interface with an address of 192.168.1.2
access the security appliance, enter the following command:
hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write mem
hostname(config)# ssh 192.168.1.2 255.255.255.255 inside
hostname(config)# ssh timeout 30
To allow all users on the 192.168.3.0 network to access the security appliance on the inside interface,
enter the following command:
hostname(config)# ssh 192.168.3.0 255.255.255.0 inside
By default, SSH allows both version one and version two. To specify the version number, enter the
following command:
hostname(config)# ssh version version_number
The version_number can be 1 or 2.
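An added example, not from the Cisco guide: a Python check that reads the ssh lines described above from a saved configuration and reports SSH version 1 left enabled, a timeout outside 1 to 60 minutes, and source rules that are broad or bound to an interface outside a trusted set. The function name audit_ssh, the trusted_ifaces list and the max_hosts threshold are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the ssh lines from the example above, without the CLI prompt.
SAMPLE = """\
ssh 192.168.1.2 255.255.255.255 inside
ssh timeout 30
"""

# Matches "ssh ..." with or without a leading "hostname(config)# " prompt.
_SSH = re.compile(r"^(?:\S+\(config\)#\s*)?ssh\s+(.+)$")


def audit_ssh(config_text, trusted_ifaces=("inside",), max_hosts=256):
    """Return sorted findings; trusted_ifaces and max_hosts are local policy assumptions."""
    findings, version, timeout, rules = [], None, 5, 0  # 5 minutes is the documented default
    for raw in config_text.splitlines():
        m = _SSH.match(raw.strip())
        if not m:
            continue
        args = m.group(1).split()
        if args[0] == "version" and len(args) == 2:
            version = args[1]
        elif args[0] == "timeout" and len(args) == 2 and args[1].isdigit():
            timeout = int(args[1])
        elif len(args) == 3:
            ip, mask, iface = args
            try:
                net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            except ValueError:
                findings.append(f"unparseable source: {raw.strip()}")
                continue
            rules += 1
            if net.num_addresses > max_hosts:
                findings.append(f"broad source {net} on {iface}")
            if iface not in trusted_ifaces:
                findings.append(f"ssh permitted on untrusted interface {iface}")
    if rules == 0:
        findings.append("no ssh source rules found")
    if version != "2":  # with no "ssh version" line, both 1 and 2 are accepted
        findings.append("SSH version 1 is permitted")
    if not 1 <= timeout <= 60:
        findings.append(f"timeout {timeout} outside 1-60 minutes")
    return sorted(findings)


if __name__ == "__main__":
    print(audit_ssh(SAMPLE))
```

Run against the page's own example, the only finding is that SSH version 1 is still accepted, because that example never sets the version.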

Using an SSH Client

To gain access to the security appliance console using SSH, at the SSH client enter the username pix and
enter the login password set by the password command (see the "Changing the Login Password" section
on page 8-1).
When starting an SSH session, a dot (.) displays on the security appliance console before the SSH user
authentication prompt appears, as follows:
hostname(config)# .
The display of the dot does not affect the functionality of SSH. The dot appears at the console when
generating a server key or decrypting a message using private keys during SSH key exchange before user
authentication occurs. These tasks can take up to two minutes or longer. The dot is a progress indicator
that verifies that the security appliance is busy and has not hung.

Allowing HTTPS Access for ASDM

To use ASDM, you need to enable the HTTPS server, and allow HTTPS connections to the security
appliance. All of these tasks are completed if you use the setup command. This section describes how
to manually configure ASDM access and how to log in to ASDM.
Cisco Security Appliance Command Line Configuration Guide
OL-12172-03
