How to Enable the SSH CLIENT on a CISCO ASA

Here is a method how to SSH FROM a Cisco ASA over to any other device. Basically the SSH client has always been there, but required a secret menu.

ASA# debug menu ssh 1 192.168.1.20 admin P@ss1234
The authenticity of host ‘192.168.1.20 (192.168.1.20)’ can’t be established.
RSA key fingerprint is (SHA256).
Are you sure you want to continue connecting (yes/no)? yes

Please use the following commands to add the hash key to the configuration:
ssh pubkey-chain
server 192.168.1.20
key-hash sha256 e7:e5:bd:b1:f6:51:41:cb:f8:c8:d6:a0:cb:1a:b1:cd:ec:3a:0c:da:7b:61:ec:7b:cf:b0:33:9f:4d:00:a5:52

SSH connection established!
ASA#

The “debug menu” command is a TAC troubleshooting tool that you can use to do some advanced things. Previously it was thought we could never SSH from an ASA over to another device, which really made troubleshooting difficult in certain scenarios.

Leave a comment

Exit mobile version