Solved

SHH problem

Posted on 2007-12-04
5
1,422 Views
Last Modified: 2012-06-21
Hi everybody! I have a new cisco catalyst 2950 switch. I have upgraded
today the IOS to support encryption and also I have enabled the SSH
server on the switch.
#configure terminal
#hostname switch
#ip domain name sky.com
#crypto key generate rsa

I'm trying to get connected to the switch using
SSH Tera Pro clent. But when I'm promped for authentication I cannot
figure out what are the default username and password. If there is one?
I have created username test with password test.
#username test privilege 15 password test
Doesn't work to me again. Probabbly I'm doing something wrong.
Anybody has an idea?
This is after #debug ip ssh
20:15:30: SSH2 0: input: padlen 11
20:15:30: SSH2 0: received packet type 50
20:15:30: SSH2 0: send: len 24 (includes padlen 5)
20:15:30: SSH2 0: done calc MAC out #6
20:15:30: SSH2 0: input: packet len 152
20:15:30: SSH2 0: partial packet 8, need 144, maclen 20
20:15:30: SSH2 0: MAC #12 ok
20:15:30: SSH2 0: input: padlen 6
20:15:30: SSH2 0: received packet type 2
20:15:40: SSH2 0: ssh_receive: 292 bytes received
20:15:40: SSH2 0: input: packet len 16
20:15:40: SSH2 0: partial packet 8, need 8, maclen 20
20:15:40: SSH2 0: MAC #13 ok
20:15:40: SSH2 0: input: padlen 6
20:15:40: SSH2 0: received packet type 2
20:15:40: SSH2 0: input: packet len 64
20:15:40: SSH2 0: partial packet 8, need 56, maclen 20
20:15:40: SSH2 0: MAC #14 ok
20:15:40: SSH2 0: input: padlen 11
20:15:40: SSH2 0: received packet type 50
20:15:40: SSH2 0: send: len 24 (includes padlen 5)
20:15:40: SSH2 0: done calc MAC out #7
20:15:40: SSH2 0: authentication failed for userid (code=1)
20:15:40: SSH0: Session disconnected - error 0x09
Thanks,
0
Comment
Question by:tombbonb
  • 3
  • 2
5 Comments
 
LVL 33

Expert Comment

by:Dave Howe
ID: 20404377
provided you have "aaa authentication login default local" set in your running config, the user/pass pair you set up should be used.
Do you want to dump any bits of your config that relate to authentication into the question?
0
 
LVL 1

Author Comment

by:tombbonb
ID: 20405162
Thanks for the replay but I'm not sure I understand what do you mean with "aaa authentication login default local"

This is the switch config:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 XXXXXXXXX
!
username test privilege 15 password 0 test
errdisable recovery cause link-flap
errdisable recovery interval 60
ip subnet-zero
!
ip domain-name thirdsecurity.com
ip ssh time-out 60
ip ssh authentication-retries 2
udld aggressive
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
macro global description cisco-global
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
.
.
.
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.199 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
tftp-server flash c2950-i6k2l2q4-mz.121-22.EA10a.bin
tftp-server flash:
!
line con 0
 exec-timeout 0 0
line vty 0 4
 password XXX
 login
line vty 5 15
 password XXX
 login!
end
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 20413547
12.1? try adding the following to your config:

aaa new-model

then ssh in again :)
0
 
LVL 1

Author Comment

by:tombbonb
ID: 20415397
Uauuu no it's working! :)
Can you please let me know what is this command doing actually?

Thakns,
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 20415540
aaa controls your authentication profile. in 12.1, just adding "aaa new-model" on its own forces use of local passwords - you could use a more complex aaa auth sequence, like the one I posted at first, but just declaring new-model will do all that is needful.

0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Watchguard Firewall Setup 3 71
Port ssh and port rsysc are different 2 99
Cisco RV 130 - No internet on wired connections, wireless clients ok 32 30
EIGRP STUB 19 43
When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now