Networking • Automation • Occasional Podcasting
, , ,

Cisco ASA SSH, Don’t Forget To Generate A Key

If you are just now enabling SSH and you get the following error message:

SSH session from XXX.XXX.XXX.XXX on interface Outside for user "" disconnected by SSH server, reason "Internal error" (0x00)

It looks like you need to generate an RSA key for SSH:

crypto key generate rsa modulus 1024

Comments

6 responses to “Cisco ASA SSH, Don’t Forget To Generate A Key”

  1. iam8up Avatar
    iam8up

    The fact that Cisco doesn’t do this automatically makes me very very nervous. The networks running Cisco appear to be primarily using telnet =(

  2. Greg Avatar

    @8up
    I’m not saying that…but they do still pretty much default to telnet. One must even be sure to pull the IOS image for switches and routers that supports SSH.

  3. iam8up Avatar
    iam8up

    I don’t do anything with Cisco (routers/switches) and I haven’t used them in ages. Is SSH not even available on today’s equipment?

  4. Greg Avatar

    @8up
    It is available, it just isn’t in every firmware image. You often have to make sure you have a version that supports it. The ASAs all have it in there.

  5. iam8up Avatar
    iam8up

    So if you don’t have it you need to pony up the cash to upgrade your IOS?

  6. Greg Avatar

    @8up
    You have to have TAC to get IOS updates unless it is a handfull of switch models which have free updates in the same code train for life.

Leave a Reply

Your email address will not be published. Required fields are marked *