SHH problem
Hi everybody! I have a new cisco catalyst 2950 switch. I have upgraded
today the IOS to support encryption and also I have enabled the SSH
server on the switch.
#configure terminal
#hostname switch
#ip domain name sky.com
#crypto key generate rsa
I'm trying to get connected to the switch using
SSH Tera Pro clent. But when I'm promped for authentication I cannot
figure out what are the default username and password. If there is one?
I have created username test with password test.
#username test privilege 15 password test
Doesn't work to me again. Probabbly I'm doing something wrong.
Anybody has an idea?
This is after #debug ip ssh
20:15:30: SSH2 0: input: padlen 11
20:15:30: SSH2 0: received packet type 50
20:15:30: SSH2 0: send: len 24 (includes padlen 5)
20:15:30: SSH2 0: done calc MAC out #6
20:15:30: SSH2 0: input: packet len 152
20:15:30: SSH2 0: partial packet 8, need 144, maclen 20
20:15:30: SSH2 0: MAC #12 ok
20:15:30: SSH2 0: input: padlen 6
20:15:30: SSH2 0: received packet type 2
20:15:40: SSH2 0: ssh_receive: 292 bytes received
20:15:40: SSH2 0: input: packet len 16
20:15:40: SSH2 0: partial packet 8, need 8, maclen 20
20:15:40: SSH2 0: MAC #13 ok
20:15:40: SSH2 0: input: padlen 6
20:15:40: SSH2 0: received packet type 2
20:15:40: SSH2 0: input: packet len 64
20:15:40: SSH2 0: partial packet 8, need 56, maclen 20
20:15:40: SSH2 0: MAC #14 ok
20:15:40: SSH2 0: input: padlen 11
20:15:40: SSH2 0: received packet type 50
20:15:40: SSH2 0: send: len 24 (includes padlen 5)
20:15:40: SSH2 0: done calc MAC out #7
20:15:40: SSH2 0: authentication failed for userid (code=1)
20:15:40: SSH0: Session disconnected - error 0x09
Thanks,
today the IOS to support encryption and also I have enabled the SSH
server on the switch.
#configure terminal
#hostname switch
#ip domain name sky.com
#crypto key generate rsa
I'm trying to get connected to the switch using
SSH Tera Pro clent. But when I'm promped for authentication I cannot
figure out what are the default username and password. If there is one?
I have created username test with password test.
#username test privilege 15 password test
Doesn't work to me again. Probabbly I'm doing something wrong.
Anybody has an idea?
This is after #debug ip ssh
20:15:30: SSH2 0: input: padlen 11
20:15:30: SSH2 0: received packet type 50
20:15:30: SSH2 0: send: len 24 (includes padlen 5)
20:15:30: SSH2 0: done calc MAC out #6
20:15:30: SSH2 0: input: packet len 152
20:15:30: SSH2 0: partial packet 8, need 144, maclen 20
20:15:30: SSH2 0: MAC #12 ok
20:15:30: SSH2 0: input: padlen 6
20:15:30: SSH2 0: received packet type 2
20:15:40: SSH2 0: ssh_receive: 292 bytes received
20:15:40: SSH2 0: input: packet len 16
20:15:40: SSH2 0: partial packet 8, need 8, maclen 20
20:15:40: SSH2 0: MAC #13 ok
20:15:40: SSH2 0: input: padlen 6
20:15:40: SSH2 0: received packet type 2
20:15:40: SSH2 0: input: packet len 64
20:15:40: SSH2 0: partial packet 8, need 56, maclen 20
20:15:40: SSH2 0: MAC #14 ok
20:15:40: SSH2 0: input: padlen 11
20:15:40: SSH2 0: received packet type 50
20:15:40: SSH2 0: send: len 24 (includes padlen 5)
20:15:40: SSH2 0: done calc MAC out #7
20:15:40: SSH2 0: authentication failed for userid (code=1)
20:15:40: SSH0: Session disconnected - error 0x09
Thanks,
ASKER
Thanks for the replay but I'm not sure I understand what do you mean with "aaa authentication login default local"
This is the switch config:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 XXXXXXXXX
!
username test privilege 15 password 0 test
errdisable recovery cause link-flap
errdisable recovery interval 60
ip subnet-zero
!
ip domain-name thirdsecurity.com
ip ssh time-out 60
ip ssh authentication-retries 2
udld aggressive
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
macro global description cisco-global
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
.
.
.
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.199 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
tftp-server flash c2950-i6k2l2q4-mz.121-22.E
tftp-server flash:
!
line con 0
exec-timeout 0 0
line vty 0 4
password XXX
login
line vty 5 15
password XXX
login!
end
This is the switch config:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 XXXXXXXXX
!
username test privilege 15 password 0 test
errdisable recovery cause link-flap
errdisable recovery interval 60
ip subnet-zero
!
ip domain-name thirdsecurity.com
ip ssh time-out 60
ip ssh authentication-retries 2
udld aggressive
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
macro global description cisco-global
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
.
.
.
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.199 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
tftp-server flash c2950-i6k2l2q4-mz.121-22.E
tftp-server flash:
!
line con 0
exec-timeout 0 0
line vty 0 4
password XXX
login
line vty 5 15
password XXX
login!
end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Uauuu no it's working! :)
Can you please let me know what is this command doing actually?
Thakns,
Can you please let me know what is this command doing actually?
Thakns,
aaa controls your authentication profile. in 12.1, just adding "aaa new-model" on its own forces use of local passwords - you could use a more complex aaa auth sequence, like the one I posted at first, but just declaring new-model will do all that is needful.
Do you want to dump any bits of your config that relate to authentication into the question?