Skip to content
Aug 15 / Greg

Cisco ASA SSH, Don’t Forget To Generate A Key

If you are just now enabling SSH and you get the following error message:

SSH session from XXX.XXX.XXX.XXX on interface Outside for user "" disconnected by SSH server, reason "Internal error" (0x00)

It looks like you need to generate an RSA key for SSH:

crypto key generate rsa modulus 1024


leave a comment
  1. iam8up / Aug 15 2011

    The fact that Cisco doesn’t do this automatically makes me very very nervous. The networks running Cisco appear to be primarily using telnet =(

  2. Greg / Aug 15 2011

    I’m not saying that…but they do still pretty much default to telnet. One must even be sure to pull the IOS image for switches and routers that supports SSH.

  3. iam8up / Aug 15 2011

    I don’t do anything with Cisco (routers/switches) and I haven’t used them in ages. Is SSH not even available on today’s equipment?

  4. Greg / Aug 15 2011

    It is available, it just isn’t in every firmware image. You often have to make sure you have a version that supports it. The ASAs all have it in there.

  5. iam8up / Aug 15 2011

    So if you don’t have it you need to pony up the cash to upgrade your IOS?

  6. Greg / Aug 15 2011

    You have to have TAC to get IOS updates unless it is a handfull of switch models which have free updates in the same code train for life.

Leave a Comment