Can’t SSH into ASA?

May 19, 2010 at 11:04 am (Technology, TechTips) (, , )

Something strange happened today when I went to SSH into my ASA cluster.

Upon running ssh I got this error message:

ssh_exchange_identification: Connection closed by remote host

I started Google searching for information on this error message and found some people writing that the error could be resolved by making some changes on the client.  If you view the log on the ASA, you will see a error message that states:

Fail to establish SSH session because RSA host key retrieval failed.

This indicates that the problem is not with the client at all.  Rather, the problem is with the server end, in this case, the ASA.  The issues is that the ASA does not have a RSA host key.

Resolve this issue by running these commands below in the CLI.  Remember that you can still run CLI commands from the ASDM.  Launch the ASDM.  Click on Tools.  Click on Command Line Interface.  Click on Multiple Line.

Commands to run:

conf t
crypto key generate rsa modulus 2048
wr mem

Now you should be able to log in just fine.

See this link for more information on SSH configuration on the ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml

Advertisements

Permalink 11 Comments