@rdapaz
Created September 21, 2023 04:55
Enabling SSH Client on ASA Firewall

Here is a method for opening an SSH session from a Cisco ASA to any other device. The SSH client has always been there, but it is only reachable through a hidden menu.

ASA# debug menu ssh 1 192.168.1.20 admin P@ss1234
The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established.
RSA key fingerprint is (SHA256).
Are you sure you want to continue connecting (yes/no)? yes

Please use the following commands to add the hash key to the configuration:

ssh pubkey-chain
server 192.168.1.20
key-hash sha256 e7:e5:bd:b1:f6:51:41:cb:f8:c8:d6:a0:cb:1a:b1:cd:ec:3a:0c:da:7b:61:ec:7b:cf:b0:33:9f:4d:00:a5:52

SSH connection established!
ASA#

The “debug menu” command is a TAC troubleshooting tool that exposes some advanced functions. It was previously thought that you could never SSH from an ASA to another device, which made troubleshooting difficult in certain scenarios.
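Before answering "yes" at the host-key prompt above, the displayed hash can be checked against one computed from a trusted copy of the server's public key. The following is an added example, not part of the original gist or Cisco's tooling; it assumes the ASA's `key-hash sha256` value is the SHA-256 of the same wire-format public key blob that OpenSSH fingerprints, and all function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def key_hash_sha256(pubkey_line: str) -> str:
    """Colon-separated SHA-256 of the key blob in a '<type> <base64> [comment]' line.

    Assumption: this is the value the ASA expects after 'key-hash sha256'.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key blob is not valid base64") from exc
    # The blob starts with its own key type; a mismatch means a damaged or mislabeled line.
    if not blob.startswith(ssh_string(fields[0].encode())):
        raise ValueError("key type inside blob does not match declared type")
    digest = hashlib.sha256(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def matches_prompt(pubkey_line: str, shown_hash: str) -> bool:
    """True if the hash shown at the prompt equals the one computed from the trusted key."""
    return key_hash_sha256(pubkey_line) == shown_hash.strip().lower()


def pubkey_chain_stanza(server: str, pubkey_line: str) -> str:
    """Build the pinning commands in the layout printed in the session above."""
    return f"ssh pubkey-chain\nserver {server}\nkey-hash sha256 {key_hash_sha256(pubkey_line)}"


# Constructed sample: a syntactically valid ssh-rsa blob with a made-up modulus, not a real key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(1, 65))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-example"

if __name__ == "__main__":
    print(pubkey_chain_stanza("192.168.1.20", SAMPLE_LINE))
```

Feed it the public key line read on the target itself (for an OpenSSH server, the contents of `/etc/ssh/ssh_host_rsa_key.pub`), not one fetched over the same untrusted network path.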
