Configuring the SSH Client to Connect to the PIX
Before you can connect to the PIX using SSH, you need to install a SSH client compatible with your platform. This example uses the SSH client from SSH Communications. Refer to the Cisco PIX Firewall Command Reference for the SSH command and scroll down to the section "Obtaining an SSH Client for Your Platform." For the Windows platform, I recommend using TerraTerm Pro with the SSH extension.
Launch the SSH client software.
Select Settings from the Edit menu in Figure 1.
Figure 1 Opening the Settings Panel
Click on the Connection item from the list under Profile Settings on the left side panel in Figure 2. In the Host Name field, enter the IP address of the PIX. Enter pix in the User Name field. Next, in the Authentication Methods pane, click on password.
Figure 2 Setting Connection Preferences
Click on the Cipher List item just below the Connection item under Profile Settings in the left side panel. Uncheck all the ciphers except the one you will be using. Once your cipher is selected, use the black Up Arrow to move your preferred cipher to the top of the list. In the example illustrated in Figure 3, the user has selected DES.
While many SSH Clients support a wide variety of ciphers, the PIX supports DES and 3DES exclusively. You must install the appropriate activation key before using DES or 3DES. For maximum security, Cisco recommends using 3DES to secure SSH and IPSec.
Figure 3 Cipher Selection
To avoid entering this information every time you launch the SSH client, choose Save Settings from the Edit menu in Figure 4.
Figure 4 Saving Your Preferences to a Profile
Click the Quick Connect button to open the login pop-up box labeled Connect to Remote Host (see Figure 5).
Figure 5 Opening the Login Pop-Up
Because of the potential vulnerabilities with SSH version 1, this SSH client warns you with the message in Figure 6. Click the Yes button to accept this connection and continue.
If this is the first time you've connected to the PIX with SSH, you must exchange Public Keys with each other in order to encrypt the session. The SSH client prompts you to accept the PIX's Public Key. Click on the Yes button in Figure 7 to save the PIX's Public Key to the Local Database.
Figure 7 Public Key Exchange
After you save the PIX's Public Key, your SSH Client prompts you for the telnet password in Figure 8.
Figure 8 Enter Telnet Password
You did it! You have created a secure connection to your PIX. Now, you can perform any of the configuration and routine maintenance over the SSH connection (see Figure 9).
Figure 9 SSH Secure Shell Window
Figure 6 SSH Version 1 Warning