Netbrain
Home NetBrain Product One-Skill-at-a-Time Search Mark Forums Read
Go BackThe Net-BrainerOne-Skill-at-a-Time "no user specified nor ssh client available" error during SSH to ASA5505

Reply
 
Thread Tools Search this Thread Display Modes
Old 06-17-2009, 12:56 AM
David.C David.C is offline
 
Join Date: May 2009
Posts: 118
Default "no user specified nor ssh client available" error during SSH to ASA5505

I am having a problem in SSH. I configured SSH on ASA 5505. When I SSH ASA from my router I am getting error
"no user specified nor ssh client available "


I used the following command for configuration of SSH in ASA:

aaa authentication ssh console LOCAL
passwd password
crypto key generate rsa modulus 512
ssh myrouterip outside
ssh mypublicip outside
ssh version 2
ssh timeout minutes

why am I having this problem, can anyone help me in this regard?
thanks in advance

Last edited by David.C; 12-03-2009 at 11:39 PM.
Reply With Quote
Old 06-17-2009, 01:38 AM
Chris Chris is offline
 
Join Date: Jun 2009
Posts: 74
Default Hope this helps.

I found that the ASA does not properly generate an SSH key unless you have a domain defined:

domain-name abc.com

It uses the hostname of the ASA in combination with the domain name to generate the key.

As someone else said, you also need to create a user on the ASA, or in a AAA server. For local user it is of the format:

username abc password xyz

I set my ASA to use AAA with TACACS+, so that it first tries authentication to TACACS+ before it tries the local user database. But if you don't want to do this, you can still set up AAA:

aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL

One other thing...I notice that you have:

ssh myrouterip outside
ssh mypublicip outside

This is implying that the IP address you have in the statement is an address on the ASA. This is not correct. This should be the IP address or IP block that is allowed to connect via SSH, and from which interface.

Are you trying to access the ASA from the outside? I would expect that you are trying to access the ASA from the inside, in which case you need to have:

ssh 'clientip' inside

Where 'clientip' is either the IP address of the client machine that you are using, or it can be part of or the entire range of the permitted subnet. For example, if you are using 192.168.1.0/24 as your inside subnet, and your client machine is 192.168.1.10:

ssh 192.168.1.10 0.0.0.0 inside

or

ssh 192.168.1.0 255.255.255.0 inside

Hope this helps.
Reply With Quote
Old 06-17-2009, 01:39 AM
Chris Chris is offline
 
Join Date: Jun 2009
Posts: 74
Default you need to have a user created on the ASA or on a AAA server.

you need to have a user created on the ASA or on a AAA server. If you do it locally you will need something like this:

username admin pass admin

aaa authentication ssh console local

then from the router try:

ssh -l admin 192.168.1. ----> this is the interface IP.

that should work if the router supports being a SSH client
Reply With Quote
Reply

Bookmarks

Tags
CCIE

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Forum Jump

All times are GMT -4. The time now is 04:44 AM.
Powered by vBulletin
Copyright 2000-2010 Jelsoft Enterprises Limited.
Copyright 2009 NetBrain, Inc. All rights reserved.