Re: PIX denying SSH Access - until I run PDM?

[Greg Padden <paddeng () biostat wisc edu>]

Nope,  you need to issue the command (in config mode) ca save all.

If you don't save the CA cert, you get a new one every reboot.  And you
don't generate a new CA until you fire up the https interface.

Paul Melson wrote:

> I have a hunch that you may have an 'aaa authentication' rule that's causing
> this problem.  Would you be willing to post the output of 'show aaa' from a
> PIX with this affliction?  Of course, sanitize it to prevent any unnecessary
> disclosures such as user names or public IP addresses.
>
> PaulM
>
> -----Original Message-----
> Subject: [fw-wiz] PIX denying SSH Access - until I run PDM?
>
> The symptom is that a few weeks will pass since I last logged onto the fw
> using ssh; and I'll attempt to; but instead of being prompted for a
> userid/password the client will simply sit there and stare at me while doing
> nothing - no errors. If I'm using Kermit (usual) it'll just sit on the blank
> black screen until it times out. Other clients produce similar behavior.
>
> The odd part is that I discovered through trial and error that if access the
> PIX via PDM after the failed SSH attempt - even if the PDM connection is not
> completed - I can then attach via SSH.
>
> This is such a bizarre problem that I've been reluctant to post it; but I've
> encountered it so many times now that my curiousity has gotten the better of
> me!
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>  
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards