Enabling SSH Access on Cisco ASA Appliances

It is very important to access your ASA via SSH and not telnet. Even if you only enable access from your inside interface, this will protect from clear text password scanning on your local network via an undetected malware bot.
For this example, we are enabling SSH on our inside interface network (
To get started, enter configuration mode:
asa# config t
Make sure you have an enable password set, in the case TEXT is your clear text enable password:
asa(config)# enable password TEXT
Now we create a local user for SSH login, in this case the username is admin with password ABC123:
asa(config)# aaa authentication ssh console LOCAL
asa(config)# username admin password ABC123 privilege 15
Allow access from our inside network:
asa(config)# ssh inside
And finally, generate an RSA key:
asa(config)# domain-name foobar.com
asa(config)# crypto key generate rsa modulus 1024

Its an important to note, you have to specify a domain name in order to generate a functional RSA key. Also, if you wanted to enable SSH access from the outside, you would use the following line:
asa(config)# ssh outside
In this case, I am only allowing SSH from a singular IP address of for say a home office.