Cisco ASA 5505 Configuration Manual page 675

Chapter 32 Configuring Management Access
Using an SSH Client
To gain access to the adaptive security appliance console using SSH, at the SSH client enter the username
asa and enter the login password set by the password command (see the
Domain Name, and Passwords" section on page
When starting an SSH session, a dot (.) displays on the adaptive security appliance console before the
SSH user authentication prompt appears, as follows:
hostname(config)# .
The display of the dot does not affect the functionality of SSH. The dot appears at the console when
generating a server key or decrypting a message using private keys during SSH key exchange before user
authentication occurs. These tasks can take up to two minutes or longer. The dot is a progress indicator
that verifies that the adaptive security appliance is busy and has not hung.
Configuring CLI Parameters
This section includes the following topics:
•
•
•
Configuring a Login Banner
You can configure a message to display when a user connects to the adaptive security appliance, before
a user logs in, or before a user enters privileged EXEC mode.
Restrictions
After a banner is added, Telnet or SSH sessions to adaptive security appliance may close if:
•
•
Guidelines
•
•
Detailed Steps
Choose the Configuration > Device Management > Management Access > Command Line (CLI) >
Step 1
Banner pane, add your banner text to the field for the type of banner you are creating for the CLI:
OL-20339-01
Configuring a Login Banner, page 32-3
Customizing a CLI Prompt, page 32-4
Changing the Console Timeout Period, page 32-5
There is not enough system memory available to process the banner message(s).
A TCP write error occurs when attempting to display banner message(s).
From a security perspective, it is important that your banner discourage unauthorized access. Do not
use the words "welcome" or "please," as they appear to invite intruders in. The following banner
sets the correct tone for unauthorized access:
You have logged in to a secure device. If you are not authorized to access this
device,
log out immediately or risk possible criminal consequences.
See RFC 2196 for guidelines about banner messages.
9-1).
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring CLI Parameters
"Configuring the Hostname,
32-3