How do you set up SSH server on a PIX

[gman10]

Hell all-

I have a PIX 501 and would like to set up SSH server on it to be able to telnet to the inside interface of the PIX.. Although many sources say that telnetting to the inside interface is not "doable" I've found a white paper that discusses the configuration thoroughly.. I just need to basic setup procedures to configure SSH server to my PIX.. I remember packetattack.com had a great JAVA driven lab with audio that showed exactly how this is done but they've changed their site a bit and this lab is unavailable.

Thanks to all that can point the way, enjoy the evening!

Gman

 

[dopehead]

Ok, i am not sure what you wanna do, you say you wan't to telnet to the inside and then you say you wanna enable ssh, which is it ?

Telnet to inside is of course only available through a vpn lan/client tunnel or from the inside lan, seeing as most ppl run private ip scopes on the inside (non-internet-routable)

Telnet to outside is as far as i recall not available, and for a good reason. Don't use it.

SSH is the same all you need is to generate an rsa key on the pix "ca generate rsa key 512" remember to put in a domain-name in the pix first. Enable ssh with "ssh x.x.x.x x.x.x.x outside (or inside)" Remember ca save all to save the rsa key on the pix.

Default username is pix and the password is the same as your telnet password set by the "passwd" command.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec

 

[gman10]

Thanks Jan,

This is very good and concise.. Will let you know what I truly end up doing.. definately the SSH server piece must get done, nevermind telneting to the inside interface (I gave wrong info)

cheers!
gman

 

[baddos]

I wrote how to do this on this website:

http://www.snapfusion.com/11.asp

This sets up a PIX to allow it to be managed via SSH on the inside interface. A simple modification would be made for you to remotely manage via SSH.