Firepower Threat Defense and SSH
Moderator: mike
-
- Posts: 17
- Joined: Fri Aug 11, 2017 4:17 am
Firepower Threat Defense and SSH
I've got two Firepower Threat Defense 7.0.5-72 running in FDM mode. I have an issue where I cannot enable ssh access for console. I have all the mgmt settings correct. I can https into the appliance. VNC is not adequate as I need to debug route-based tunnel issues. I can't scrollback in the VNC console. The debug logs are too voluminous. I need ssh. I can https into the box both from my PC and an attached Docker Gui-Server in the lab. When I try ssh I always get connection refused immediately. I can run nmap and see https is listening but ssh is closed. It's as if the ssh service is not running. Any help would be appreciated. The mgmt IP is reachable both within the lab and from my computer.
ssh 0.0.0.0 0.0.0.0 inside
ssh ::/0 inside
http server enable
http 0.0.0.0 0.0.0.0 inside
http ::/0 inside
Thanks,
David
-
- Posts: 5083
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Firepower Threat Defense and SSH
SSH you can configure on the inside interface.
Management interface is a bit different story, lina interface
-
- Posts: 50
- Joined: Tue Aug 22, 2017 4:55 pm
- Location: UK
- Contact:
Re: Firepower Threat Defense and SSH
I've never been able to have the SSH working on EVE, while it works as expected when running FTDv on VMWARE or Cisco appliances.
davparker wrote: ↑Fri Feb 17, 2023 10:37 pm
I've got two Firepower Threat Defense 7.0.5-72 running in FDM mode. I have an issue where I cannot enable ssh access for console. I have all the mgmt settings correct. I can https into the appliance. VNC is not adequate as I need to debug route-based tunnel issues. I can't scrollback in the VNC console. The debug logs are too voluminous. I need ssh. I can https into the box both from my PC and an attached Docker Gui-Server in the lab. When I try ssh I always get connection refused immediately. I can run nmap and see https is listening but ssh is closed. It's as if the ssh service is not running. Any help would be appreciated. The mgmt IP is reachable both within the lab and from my computer.
ssh 0.0.0.0 0.0.0.0 inside
ssh ::/0 inside
http server enable
http 0.0.0.0 0.0.0.0 inside
http ::/0 inside
Thanks,
David
I did raise this issue here a couple of years ago.
Andrea
CCIE #60810
-
- Posts: 5083
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Firepower Threat Defense and SSH
Absolutely no issues SSH to management port FTD 7.3
-
- Posts: 50
- Joined: Tue Aug 22, 2017 4:55 pm
- Location: UK
- Contact:
Re: Firepower Threat Defense and SSH
There's something odd, because it never worked in my labs.
To prove to myself I'm not stupid, I did spin up GNS3 and it worked with the same config at the first attempt. Tested on 6.7, 7.0, 7.2
Last edited by AndreaBB on Thu Mar 16, 2023 6:41 am, edited 1 time in total.
Andrea
CCIE #60810
-
- Posts: 50
- Joined: Tue Aug 22, 2017 4:55 pm
- Location: UK
- Contact:
Re: Firepower Threat Defense and SSH
Updated to 7.3.1 and it works
Andrea
CCIE #60810
-
- Posts: 17
- Joined: Fri Aug 11, 2017 4:17 am
Re: Firepower Threat Defense and SSH
Thanks all.
How do you obtain an eval license? I can't enable any encryption beyond DES. I downloaded the FTDv from our corp acct. Just no lics for the virtual.
Thanks
David
-
- Posts: 5083
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Firepower Threat Defense and SSH
Setting to use 90 days,
and then register smart token with cisco account to activate VPN and rest things
cisco.com account is required
-
- Posts: 2
- Joined: Fri May 05, 2023 1:35 am
Re: Firepower Threat Defense and SSH
To fix the issue of not being able to enable ssh access for the console on Firepower Threat Defense 7.0.5-72 running in FDM mode, you can do a ssh Configuration Test: Check ssh configuration on FTD, make sure that ssh is enabled and configured correctly. To do this, you can use the "show ssh" command on the FTD CLI.
-
- Posts: 5083
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Firepower Threat Defense and SSH
It is a known issue for virtual FTD versions till 7.3
on FTD 7.3 SSH will work flawlessly