SSH configuration on PIX Firewall
Contributed by Al Banks 
Tagged: Cisco firewall Encrypted remote sessions to PIX Firewalls with SSH.
Secure SHell (SSH) provides encrypted terminal sessions, along with a lot of other neat features.
www.cisco.com has configuration examples for practically everything under the planet, including the start for this one.
To configure a Cisco PIX Firewall to support SSH, enter the following commands:
hostname myfirewall
domain-name mydomain.mytld
ca gen rsa key 1024
ssh 172.18.124.114 255.255.255.255 inside
ssh timeout 60
passwd YourPasswordGoesHere
ca save all
This configuration allows ssh from the 172.18.124.114 address on the inside interface. Change this address to something that makes sense for your network. If desired, you can use this line to allow access from any address on the outside interface:
ssh 0.0.0.0 0.0.0.0 outside
The “ca save all” is important. This command saves the rsa keys.
How do I connect? First, get an SSH client. PuttY isa popular one for Microsoft Windows, and SSH clients are packaged with most Linux distributions.
For Linux, the command line (for a pix at IP address 1.1.1.1) is:
ssh -1 -c des pix@1.1.1.1
For Solaris (from Cisco’s website):
./ssh -c 3des -1 pix -v
You may also like -
Connect VNC client through a Putty SSH tunnel
Rsync over SSH
Windows XP / Vista / Win7 : Setup a secure remote desktop tunnel / connection with SSH (Copssh) a ...
PPTP (Point-to-Point Tunneling Protocol) through PIX Firewall
SSH Public Key Usage
Access remote TCP ports with OpenSSH tunnels
PPTP on Cisco ASA or PIX 6.3 or later code
How to use Microsoft IAS with Cisco VPN concentrator/ASA/PIX
Luigi said on February 6, 2009
how can i enable 3des instead of des ?
Anonymous said on July 12, 2009
how can i enable 3des instead of des ?
you must have a unrestricted pix licence
Ramki_eee2005 said on June 18, 2010
thnk u it helped so much
Spam said on February 24, 2011
you need to have a 3des-aes license which is free. unrestricted license is not free and does not affect ssh versions.