Here’s how to set up SSH on a new ASA out of the box, as well as set up local authentication.
Step 1: Configure aaa to use local database for ssh and console
ciscoasa(config)# aaa authentication ssh console LOCAL
***NOTE*** aaa = authentication (permitting access), authorization (specifying which commands a user may run once access is granted), accounting (tracking what users do after they log in and generating accounting reports, e.g. for billing)
LOCAL = local database
Step 2: Create admin username with privilege 15 (username, P@ssw0rd)
ciscoasa(config)# username username password P@ssw0rd priv 15
***NOTE*** priv 15 = top privilege level (full superuser; different privilege levels can be given access to different commands)
Step 3: Turn on password for enable
ciscoasa(config)# aaa authentication enable console LOCAL
***NOTE*** forces a password at the enable prompt
Step 4: Turn on serial console authentication
ciscoasa(config)# aaa authentication serial console LOCAL
***NOTE*** turns on user/pass for serial access
Step 5: Save the changes so far
Step 6: Log out of the console and verify access
ciscoasa# exit
Logoff
Username: username
Password: ********
Step 7: Generate ssh key pair
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait…
ciscoasa(config)#
***NOTE*** SSH is an encrypted protocol; the ASA uses an RSA public/private key pair as its host key
4096 = key (modulus) size in bits
rsa = public-key algorithm used for the key pair
Step 8: Allow access to the inside interface
ciscoasa(config)# ssh 0.0.0.0 0.0.0.0 inside
***NOTE*** enables SSH access to the inside interface from any IPv4 address
Step 9: Force ssh version 2
Step 10: Add timeout of 15 min to ssh
Step 11: Verify login with SSH to 192.168.1.1 in PuTTY
username@192.168.1.1’s password:
User peiadmin logged in to ciscoasa
Logins over the last 1 days: 2. Last login: 16:47:06 UTC Aug 2 2018 from console
Failed logins since the last login: 0.
Type help or ‘?’ for a list of available commands.
ciscoasa> en
Password: ********
ciscoasa#
Thank you! It’s working!
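The whole procedure as one command sequence, added here as an example and not the author's own listing. The page names Steps 5, 7, 9 and 10 without showing their commands, so those lines are supplied as assumptions using the standard ASA commands for each step. The narrower source range for Step 8 assumes the inside network is 192.168.1.0/24, which the page does not state.

```cisco
! Added example. Enter from global configuration mode: ciscoasa(config)#
!
! Steps 1-4: local database for SSH, enable and serial console logins
aaa authentication ssh console LOCAL
username username password P@ssw0rd privilege 15
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
!
! Step 5: save before testing the console login (assumed command)
write memory
!
! Step 7: generate the RSA host key pair (assumed command; the 4096-bit
! modulus comes from the page's note)
crypto key generate rsa modulus 4096
!
! Step 8, as on the page: SSH allowed from any IPv4 source on "inside"
ssh 0.0.0.0 0.0.0.0 inside
!
! Narrower alternative: allow only the management subnet.
! Assumption: inside network is 192.168.1.0/24. Remove the "!" to use it.
! no ssh 0.0.0.0 0.0.0.0 inside
! ssh 192.168.1.0 255.255.255.0 inside
!
! Step 9: accept SSH version 2 only (assumed command)
ssh version 2
!
! Step 10: drop idle SSH sessions after 15 minutes (assumed command)
ssh timeout 15
!
! Check what was applied, then save again
show running-config aaa
show running-config ssh
write memory
```

Keep the console session open while testing the SSH login in Step 11, so a mistake in the AAA lines does not lock you out.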