Firepower Threat Defense and SSH

Post by davparker » Fri Feb 17, 2023 10:37 pm

I've got two Firepower Threat Defense 7.0.5-72 running in FDM mode. I have an issue where I cannot enable SSH access for console. I have all the mgmt settings correct. I can https into the appliance. VNC is not adequate as I need to debug route-based tunnel issues. I can't scroll back in the VNC console. The debug logs are too voluminous. I need SSH. I can https into the box both from my PC and an attached Docker Gui-Server in the lab. When I try SSH I always get connection refused immediately. I can run nmap and see https is listening but SSH is closed. It's as if the SSH service is not running. Any help would be appreciated. The mgmt IP is reachable both within the lab and from my computer.

ssh 0.0.0.0 0.0.0.0 inside
ssh ::/0 inside
http server enable
http 0.0.0.0 0.0.0.0 inside
http ::/0 inside

Thanks,
David

Post by Uldis (UD) » Mon Feb 20, 2023 6:59 pm

You can configure SSH on the inside interface.
The management interface is a bit of a different story, lina interface

Post by AndreaBB » Mon Mar 06, 2023 9:16 pm

I've never been able to get SSH working on EVE, while it works as expected when running FTDv on VMware or Cisco appliances.
I did raise this issue here a couple of years ago.
Andrea
CCIE #60810

Post by Uldis (UD) » Thu Mar 09, 2023 10:43 pm

Absolutely no issues with SSH to the management port on FTD 7.3

Post by AndreaBB » Wed Mar 15, 2023 9:34 pm

There's something odd, because it never worked in my labs.
To prove to myself I'm not stupid, I spun up GNS3 and it worked with the same config at the first attempt. Tested on 6.7, 7.0, 7.2
Last edited by AndreaBB on Thu Mar 16, 2023 6:41 am, edited 1 time in total.
Andrea
CCIE #60810

Post by AndreaBB » Thu Mar 16, 2023 12:31 am

Updated to 7.3.1 and it works
Andrea
CCIE #60810

Post by davparker » Fri Apr 14, 2023 9:00 pm

Thanks all.

How do you obtain an eval license? I can't enable any encryption beyond DES. I downloaded the FTDv from our corp acct. Just no lics for the virtual.

Thanks
David

Post by Uldis (UD) » Sat Apr 15, 2023 9:22 pm

Set it to use 90 days,
and then register a smart token with a Cisco account to activate VPN and the rest of the things.
A cisco.com account is required.

Post by lindausa0106 » Fri May 05, 2023 1:43 am

To fix the issue of not being able to enable SSH access for the console on Firepower Threat Defense 7.0.5-72 running in FDM mode, you can do an SSH configuration test: check the SSH configuration on the FTD and make sure that SSH is enabled and configured correctly. To do this, you can use the "show ssh" command on the FTD CLI.

Post by Uldis (UD) » Fri May 05, 2023 8:14 pm

It is a known issue for virtual FTD versions till 7.3.
On FTD 7.3 SSH will work flawlessly.
