Tuesday, March 4, 2008

PIX 6.X: SSH/Telnet on the Inside and Outside Interface

To manage it remotely, you need to configure PIX 6.X to permit incoming SSH and/or Telnet connections to it. Note that since Telnet sends all information, including passwords, in clear text, SSH is the preferred method.

Network Diagram:


Configuration Tasks:

1. Specify credentials:
  passwd mypassword
  -- or --
  username myusername password mypassword


2. [SSH only] Generate RSA key pair:
  ca zeroize rsa
  ca gen rsa key 1024
  ca save all


Note: The "zeroize" command is there just in case a previous RSA key has already been generated. You can set the modulus to any other value aside from 1024. The larger the modulus, the more secure the RSA key.

3. Specify the hosts allowed to connect to the PIX:

  ssh 0 0 inside
  ssh 10.199.248.0 255.255.255.0 outside
  -- or --
  telnet 0 0 inside
  telnet 10.199.248.0 255.255.255.0 outside


Note: The syntax parameters for either case are: source_ip_address subnet_mask source_interface. The 0 0 above indicates "any".

4. [Optional] Specify the telnet/ssh session timeout:

  ssh timeout 10
  -- or --
  telnet timeout 10
