Can’t SSH into ASA?

May 19, 2010 at 11:04 am (Technology, TechTips)

Something strange happened today when I went to SSH into my ASA cluster.

Upon running ssh I got this error message:

ssh_exchange_identification: Connection closed by remote host

I started Google searching for information on this error message and found some people writing that the error could be resolved by making some changes on the client. If you view the log on the ASA, you will see an error message that states:

Fail to establish SSH session because RSA host key retrieval failed.

This indicates that the problem is not with the client at all. Rather, the problem is with the server end, in this case, the ASA. The issue is that the ASA does not have an RSA host key.

Resolve this issue by running the commands below in the CLI. Remember that you can still run CLI commands from the ASDM: launch the ASDM, click on Tools, click on Command Line Interface, then click on Multiple Line.

Commands to run:

conf t
crypto key generate rsa modulus 2048
wr mem

Now you should be able to log in just fine.

See this link for more information on SSH configuration on the ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml
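
The client error at the top of this post means the server closed the TCP connection before sending its SSH identification string. The Python probe below is an added example, not part of the original post; the function name `probe_ssh_banner` and its status labels are made up for illustration. It separates that case from a refused or filtered port, which tells you to read the ASA log instead of changing the client.

```python
import socket
import sys


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (status, detail) for the SSH identification exchange."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "port closed, or SSH not permitted from this source")
    except socket.timeout:
        return ("timeout", "no TCP answer; check routing and filtering")
    except OSError as exc:
        return ("error", str(exc))
    data = b""
    with sock:
        try:
            # RFC 4253 section 4.2: the server sends "SSH-<proto>-<software>"
            # on its own line, possibly after other text lines.
            while len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break  # peer closed the connection
                data += chunk
                complete = data.split(b"\n")[:-1]
                if any(line.startswith(b"SSH-") for line in complete):
                    break
        except socket.timeout:
            if not data:
                return ("timeout", "connected, but no identification string")
        except ConnectionResetError:
            pass  # treated like a close; data decides the verdict below
    for line in data.split(b"\n"):
        if line.startswith(b"SSH-"):
            return ("banner", line.strip().decode("ascii", "replace"))
    if not data:
        # What the OpenSSH client reports as
        # "ssh_exchange_identification: Connection closed by remote host".
        return ("closed_before_banner",
                "server closed before identifying itself; check its log")
    return ("unexpected", repr(data[:80]))


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh_banner(target, target_port))
```

A `closed_before_banner` result matches the symptom in this post; a `banner` result after generating the key confirms the ASA is answering SSH again.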


11 Comments

  1. aaa said,

    Thanks for the tip, useful.

  2. Highspade said,

    Thanks! worked like a charm.

  3. EJ said,

    I have also seen this as a bug with failover pairs running 8.2(3). One will take SSH, but the other won’t until reloaded, and even then after a while the same problem creeps back in. Moving up further or reverting to 8.2(2) will address this issue.

  4. Jamie Jamison said,

    This worked great. Thanks.

  5. Jake said,

    Worked like a charm!

  6. Bookmarks for 22 ott 2012 through 23 ott 2012 | jtheo said,

    […] Can’t SSH into ASA? « Axelilly’s Ponderings – Something strange happened today when I went to SSH into my ASA cluster. […]

  7. webpage best image number said,

    What a material of un-ambiguity and preserveness of valuable familiarity on
    the topic of unexpected emotions.

  8. Fahad said,

    It works with me. Thank you so much for sharing, highly appreciated.

  9. David said,

    I also needed to enable the use of a local user for SSH access with the following command:

    aaa authentication ssh console LOCAL

    After that, it worked perfectly.

  10. carlos manzo said,

    Thanks!

  11. Pete Long said,

    Hi, you need to add a noconfirm to the end of the cry key gen command, or it prompts for a confirmation. See http://www.petenetlive.com/KB/Article/0001322
