Allowing Ssh Access - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Allowing SSH Access

To configure Telnet access to the FWSM, perform the following steps:

Step 1  To identify the IP addresses from which the FWSM accepts connections, enter the following command for each address or subnet:
hostname(config)# telnet source_IP_address mask source_interface
If there is only one interface, you can configure Telnet to access that interface as long as the interface has a security level of 100.

Step 2  (Optional) To set the duration for how long a Telnet session can be idle before the FWSM disconnects the session, enter the following command:
hostname(config)# telnet timeout minutes
Set the timeout from 1 to 1440 minutes. The default is 5 minutes. The default duration is too short in
most cases and should be increased until all pre-production testing and troubleshooting has been
completed.
For example, to let a host on the inside interface with an address of 192.168.1.2 access the FWSM, enter
the following command:
hostname(config)# telnet 192.168.1.2 255.255.255.255 inside
hostname(config)# telnet timeout 30
To allow all users on the 192.168.3.0 network to access the FWSM on the inside interface, enter the
following command:
hostname(config)# telnet 192.168.3.0 255.255.255.0 inside
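
The following Python sketch is an added example, not part of the Cisco guide. It reads telnet lines in the syntax shown above, checks each address/mask pair and the 1 to 1440 minute timeout range, and lists entries that admit a large source range. The function name audit_telnet, the 256-source review threshold, and the sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the two example rules from the text plus an
# any-source rule and an out-of-range timeout added for illustration.
SAMPLE_CONFIG = """\
telnet 192.168.1.2 255.255.255.255 inside
telnet 192.168.3.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 2000
"""

RULE = re.compile(r"^telnet\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")
TIMEOUT = re.compile(r"^telnet\s+timeout\s+(\d+)\s*$")
MAX_HOSTS = 256  # assumed review threshold (a /24), not a Cisco limit


def audit_telnet(config, max_hosts=MAX_HOSTS):
    """Return (rules, timeout, findings) for the telnet lines in config."""
    rules, findings, timeout = [], [], 5  # 5 minutes is the documented default
    for raw in config.splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())  # drop CLI prompt
        m = TIMEOUT.match(line)
        if m:
            timeout = int(m.group(1))
            if not 1 <= timeout <= 1440:
                findings.append(f"timeout {timeout} outside 1-1440 minutes")
            continue
        m = RULE.match(line)
        if not m:
            continue
        addr, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError:
            findings.append(f"bad address/mask: {line}")
            continue
        rules.append((net, iface))
        if net.num_addresses > max_hosts:
            findings.append(f"{net} on {iface} admits {net.num_addresses} sources")
    return rules, timeout, findings


if __name__ == "__main__":
    for finding in audit_telnet(SAMPLE_CONFIG)[2]:
        print("REVIEW:", finding)
```
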
Allowing SSH Access
The FWSM allows SSH connections to the FWSM for management purposes. The FWSM allows a maximum of 5 concurrent SSH connections per context, if available, with a maximum of 100 connections divided between all contexts. You can control the number of SSH sessions allowed per context using resource classes. (See the "Configuring a Class" section on page 4-24.) In admin context only, you can have up to 15 Telnet and 15 SSH sessions concurrently.

Note  Please note that if you have two or more concurrent Telnet or SSH sessions and one of the sessions is at the More prompt, the other sessions may hang until the More prompt is dismissed. To disable the More prompt and avoid this situation, enter the pager lines 0 command.

SSH is an application running on top of a reliable transport layer, such as TCP/IP, that provides strong authentication and encryption capabilities. The FWSM supports the SSH remote shell functionality provided in SSH Versions 1 and 2 and supports DES and 3DES ciphers.

Note  XML management over SSL and SSH are not supported.

This section includes the following topics:
Configuring SSH Access
Using an SSH Client

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01, Chapter 23: Configuring Management Access
