So, I purchased a Cisco ASA 5505 to build a VPN Tunnel from a remote office to my main office. Really simple to do, when you are using Easy VPN . Anyway, I wanted to turn on SSH. So, I enabled SSH on the ASA, and tried to access it:
[apaxson@netutil ~]$ ssh -l username 188.8.131.52 ssh_exchange_identification: Connection closed by remote host
Hmmmm….. let’s do a debug, and see what happens:
asa# debug ssh Device ssh opened successfully. SSH0: SSH client: IP = '184.108.40.206' interface # = 1 SSH: unable to retrieve default host public key. Please create a defauth RSA key pair before using SSH SSH0: Session disconnected by SSH server - error 0x00 "Internal error"
Ahhhh….. we have to create a default RSA key pair. Let’s do that.
asa(config)# ca generate rsa key 1024 WARNING: the 'ca' command syntax has been deprecated Please use the 'crypto key generate' command.
Okaaaay…… looks like we have to change our ways again.
asa(config)# crypto key generate rsa INFO: The name for the keys will be: <Default-RSA-Key> Keypair generation process begin. Please wait... asa(config)#
Okay, so far so good. Let’s try to connect again:
[apaxson@netutil ~]$ ssh -l username 220.127.116.11 RSA key fingerprint is 9b:99:12:45:6f:7a:bb:37:f4:25:19:1d:d9:0d:62:24. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '18.104.22.168' (RSA) to the list of known hosts.