Posts

Showing posts from March, 2018

Enabling SSH to your Cisco ASA Firewall

It's important to mention that this will work on either inside or outside interfaces, but you should preferably only make it available on the inside, unless you can identify a very small number of IPs that are permitted externally. Check here to see Known SSH Vulnerabilities.

Step 1: Create an enable password and a local user
  DBTN-ASA(config)# enable password Password1
  DBTN-ASA(config)# username dbtn password Password1 privilege 15

Step 2: Define which IPs are permitted to SSH in
  DBTN-ASA(config)# ssh 10.10.83.0 255.255.255.0 inside

Step 3: Define a domain name
  DBTN-ASA(config)# domain-name dontblamethenetwork.com

Step 4: Generate your RSA key
  DBTN-ASA(config)# crypto key generate rsa modulus 2048

Step 5: Tie your authentication method to local logins (LOCAL is a predefined keyword that refers to device-level logins)
  DBTN-ASA(config)# aaa authentication ssh console LOCAL

That's it! SSH in and you're in business!

What is Password Hashing?

Hashing is a one-way process where your plain-text password is run through a complex algorithm to produce a fixed-length hash instead. This is what a small table of MD5-hashed passwords would look like: the passwords are not in plain text, each is its own 32-character string. To generate a hash from your plain-text password you run it through the MD5 algorithm, which returns a 32-character output. (MD5 Hashing) This means that when you try to log in to an application or site that uses MD5 hashing, your plain-text password is run through this algorithm and the resulting hash is compared to the password hash stored in the database. If the hashes match, you successfully authenticate and are permitted access. Awesome! Problem solved, right? Not quite... While your password isn't stored in clear text, and the hash isn't reversible, it can be queried against a rainbow table, so you still need to add in some salting. I...

What is Password Salting?

Salting generally just appends a string to your password prior to it being run through the hashing algorithm. Salting makes it so rainbow tables are no longer effective. (Using Salt: %3jU; MD5 Hashes with salted passwords) Now not even 830 billion entries is enough for this rainbow table to find any of these common passwords. The salt string should be randomly generated for each entry, and housed in a separate table just to make things more difficult. Reference: the rainbow table I am using above is Hashkiller.co.uk, which boasts of over 830 BILLION unique decrypted MD5 hashes since 2007.

What is a Rainbow Table?

It's a lookup table for well-known passwords. For the example below, the rainbow table holds the plain-text and MD5-hashed forms of many passwords for quick queries. The rainbow table I am using is Hashkiller.co.uk, which boasts of over 830 BILLION unique decrypted MD5 hashes since 2007. Here are 3 common passwords and their corresponding hashes. (MD5 Hashes with plain-text passwords) When the hashes are entered, it queries them against its rainbow table and shows that all 3 were quickly found. Obviously this isn't secure enough yet, and this leads us into the need for salting.
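The following Python is an added example (not code from the original posts) that reproduces the rainbow-table and salting experiments from the two posts above: a small constructed dictionary stands in for the Hashkiller table, MD5 is used because that is the algorithm the posts discuss, the salt %3jU is the one shown in the salting post, and the per-user random salt and the verify function are this example's own additions.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a rainbow table: a precomputed map from the MD5
# hash of a well-known password back to its plain text. The real Hashkiller
# table does the same thing at a scale of hundreds of billions of entries.
COMMON_PASSWORDS = ["password", "123456", "qwerty"]
RAINBOW_TABLE = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def md5_hex(text: str) -> str:
    """MD5 digest as a 32-character hex string, as in the posts' tables."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def hash_unsalted(password: str) -> str:
    """What the first table shows: the hash of the bare password."""
    return md5_hex(password)


def hash_salted(password: str, salt: str) -> str:
    """Append the salt to the password before hashing, as the post describes."""
    return md5_hex(password + salt)


def new_salt(nbytes: int = 16) -> str:
    """Random per-entry salt; the post says each entry should get its own."""
    return secrets.token_hex(nbytes)


def lookup(hash_hex: str):
    """Return the plain text if the hash is in the table, else None."""
    return RAINBOW_TABLE.get(hash_hex)


def verify(password: str, salt: str, stored_hash: str) -> bool:
    """Recompute the salted hash and compare it in constant time."""
    return hmac.compare_digest(hash_salted(password, salt), stored_hash)


def demo() -> dict:
    """Unsalted hashes are found in the table; salted ones are not."""
    salt_a, salt_b = new_salt(), new_salt()  # two users with the same password
    return {
        "unsalted_found": lookup(hash_unsalted("password")),      # "password"
        "salted_found": lookup(hash_salted("password", "%3jU")),  # None
        "same_hash_for_same_password": hash_salted("password", salt_a)
        == hash_salted("password", salt_b),                       # False
        "login_ok": verify("password", salt_a, hash_salted("password", salt_a)),
    }
```

With per-user random salts, two users who chose the same password end up with different stored hashes, so a single lookup table cannot serve both.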