Home > Articles > Cisco Network Technology > General Networking > Configuring the PIX Firewall for SSH (Secure Shell)

Configuring the PIX Firewall for SSH (Secure Shell)

Article Description

In October of 1995, Cisco Systems, Inc. began their first serious push into the Network Security market with the acquisition of NTI (Network Translation, Inc.). NTI’s flagship PIX firewall became the Cisco Secure PIX Firewall. From 1995 until 2000, there was one feature missing that frustrated security administrators greatly: secure remote access. Although the PIX Firewall allows Telnet access to its CLI (command line interface), the PIX OS will not allow Telnet to hosts on the outside interface because of the threat of password interception. In 2000, Cisco introduced version 5.2 of the PIX OS. One of the most notable features of 5.2 was support for the new faster and more scalable PIX 525 Firewall. Another feature that received less fanfare, SSH or Secure Shell, proved to be very important to Security Administrators who were tired of driving to the office to make changes to their PIX. SSH uses either DES or 3DES to encrypt the entire session to the PIX; and as such, it was deemed safe to enable on the outside interface. David W. Chapman Jr. will demonstrate how to enable and troubleshoot SSH access to your PIX in an easy to follow step-by-step process.

Like this article? We recommend

Cisco Secure PIX Firewalls

Cisco Secure PIX Firewalls

$35.00

Obtaining a SSH Client for Your Platform

The websites in Table 1 allow you to download a free SSH v1.x client. Because SSH version 1.x and 2 are entirely different protocols and are not compatible, be sure you download a client that supports SSH v1.x

Tip

I have found through my own experimentation that Terra Term Pro SSH consistently works on the following versions of the PIX OS: 5.3(1), 6.0(1) and 6.1(1). And it's free!

Table 1: SSH Clients

Company/Client

SSH Client Description

URL

*SSH Communications

SSH Communications allows free downloads of its SSH client to Academia and to individuals for non-commercial use.

http://commerce.ssh.com/
sshws/index.html?
SshSid=9xXLRLtMNn85ZF24

Terra Term Pro/SSH

You can download the free Tera Term Pro SSH v1.x client for the following platforms: Windows 3.1, Windows CE, Windows 95, and Windows NT 4.0.

**You can also download The TTSSH security enhancement for Terra Term Pro.

http://hp.vector.co.jp/
authors/VA002416/teraterm.html

www.zip.com.au/~roca/
ttssh.html

OpenSSH for Unix/Linux

Download the SSH v1.x client for the following platforms: Linux, Solaris, OpenBSD, AIX, IRIX, HP/UX, FreeBSD, and NetBSD.

www.openssh.com

Nifty Telnet for Macintosh

The Nifty Telnet 1.1 SSH client for the Macintosh.

www.lysator.liu.se/~jonasw/
freeware/niftyssh

6. Conclusion | Next Section Previous Section