Skip to content

Month: June 2015

SSH Login without Password

Have you copied your public key to your remote ~/.ssh/authorized_keys file and are still being prompted for your password? There’s a good change that the permissions are wrong on that file. If you look at the ssh logs, you can see entries like this:

$ sudo tail /var/log/secure
Jun  5 17:27:16 server sshd[12001]: Authentication refused: bad ownership or modes for file /home/sean/.ssh/authorized_keys

Change the permissions mode to 600 and you should be able to login as intended.

Installing Cisco ASDM on Linux

Cisco’s Adaptive Security Device Manager is a GUI tool for managing and configuring Cisco security appliances. It runs perfectly well under Linux, but can be a little tricky to get running. Today, I’ll show you how.

I am currently running the following:

  • Fedora 22 Workstation w/ Gnome 3.16
  • Oracle Java 8 (1.8.0_45)

Adding a Security Exception

The first thing we need to do is add a security exception for the ASA. Open up the Java Control Panel with the following command:

$ /usr/java/latest/bin/ControlPanel &

Click on the Security tab and then on the Edit Site List… button.

Once the Exception Site List window opens, click on Add and type in “https://” followed by the IP of your ASA and a trailing forward-slash. If you’ve configured ASDM to be available on a different port, you’ll need to specify that. For example, if your ASA has the IP address of 192.168.10.1 and you’ve configured ASDM to be on port 4430, you’d enter the following:

https://192.168.10.1:4430/

Click OK to close the Exception Site List window, then OK again to close the Java Control Panel.

Installing ASDM

Go back to your terminal window and enter the following command, replacing <SITE_ADDRESS> with the IP and port number, if changed, of your ASA:

$ javaws https://<SITE_ADDRESS>/admin/public/asdm.jnlp

Accept the security warnings and login to your ASA. ASDM will install itself and, if you have the Applications Menu extension turned on, you’ll find it under Java WebStart.

HTTPS Enforced

I’ve finally gotten around to requesting an SSL certificate for this site and configured it this morning. I need to add a few more rewrite rules so that old image tags and such are redirected to the secured version, but it’s not high on my priority list.