Solved

SSH problem

Posted on 2007-12-04
Last Modified: 2012-06-21
Hi everybody! I have a new Cisco Catalyst 2950 switch. Today I have upgraded
the IOS to support encryption and I have also enabled the SSH
server on the switch.
#configure terminal
#hostname switch
#ip domain name sky.com
#crypto key generate rsa

I'm trying to connect to the switch using the
SSH Tera Pro client. But when I'm prompted for authentication I cannot
figure out what the default username and password are, if there is one.
I have created username test with password test.
#username test privilege 15 password test
It doesn't work for me again. Probably I'm doing something wrong.
Does anybody have an idea?
This is after #debug ip ssh
20:15:30: SSH2 0: input: padlen 11
20:15:30: SSH2 0: received packet type 50
20:15:30: SSH2 0: send: len 24 (includes padlen 5)
20:15:30: SSH2 0: done calc MAC out #6
20:15:30: SSH2 0: input: packet len 152
20:15:30: SSH2 0: partial packet 8, need 144, maclen 20
20:15:30: SSH2 0: MAC #12 ok
20:15:30: SSH2 0: input: padlen 6
20:15:30: SSH2 0: received packet type 2
20:15:40: SSH2 0: ssh_receive: 292 bytes received
20:15:40: SSH2 0: input: packet len 16
20:15:40: SSH2 0: partial packet 8, need 8, maclen 20
20:15:40: SSH2 0: MAC #13 ok
20:15:40: SSH2 0: input: padlen 6
20:15:40: SSH2 0: received packet type 2
20:15:40: SSH2 0: input: packet len 64
20:15:40: SSH2 0: partial packet 8, need 56, maclen 20
20:15:40: SSH2 0: MAC #14 ok
20:15:40: SSH2 0: input: padlen 11
20:15:40: SSH2 0: received packet type 50
20:15:40: SSH2 0: send: len 24 (includes padlen 5)
20:15:40: SSH2 0: done calc MAC out #7
20:15:40: SSH2 0: authentication failed for userid (code=1)
20:15:40: SSH0: Session disconnected - error 0x09
Thanks,
Question by:tombbonb
LVL 33

Expert Comment

by:Dave Howe
ID: 20404377
Provided you have "aaa authentication login default local" set in your running config, the user/pass pair you set up should be used.
Do you want to dump any bits of your config that relate to authentication into the question?
 
LVL 1

Author Comment

by:tombbonb
ID: 20405162
Thanks for the reply, but I'm not sure I understand what you mean by "aaa authentication login default local"

This is the switch config:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 XXXXXXXXX
!
username test privilege 15 password 0 test
errdisable recovery cause link-flap
errdisable recovery interval 60
ip subnet-zero
!
ip domain-name thirdsecurity.com
ip ssh time-out 60
ip ssh authentication-retries 2
udld aggressive
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
macro global description cisco-global
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
.
.
.
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.199 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
tftp-server flash c2950-i6k2l2q4-mz.121-22.EA10a.bin
tftp-server flash:
!
line con 0
 exec-timeout 0 0
line vty 0 4
 password XXX
 login
line vty 5 15
 password XXX
 login
!
end
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 20413547
12.1? Try adding the following to your config:

aaa new-model

then ssh in again :)
 
LVL 1

Author Comment

by:tombbonb
ID: 20415397
Uauuu now it's working! :)
Can you please let me know what this command is actually doing?

Thanks,
 
LVL 33

Expert Comment

by:Dave Howe
ID: 20415540
aaa controls your authentication profile. In 12.1, just adding "aaa new-model" on its own forces use of local passwords - you could use a more complex aaa auth sequence, like the one I posted at first, but just declaring new-model will do all that is needful.
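
An added example, not part of the original thread: a small Python check that runs over the authentication-related lines of the posted config and reports why SSH username logins fail (vty lines use plain "login", which checks only the line password) along with the other exposures visible in that config. The function name `audit` and the finding strings are made up for this illustration, and the rule that "aaa new-model" alone enables local username lookup is taken from the answer above.

```python
import re

# Constructed sample: the authentication-relevant lines of the config posted above.
POSTED_CONFIG = """\
no service password-encryption
username test privilege 15 password 0 test
ip http server
line con 0
 exec-timeout 0 0
line vty 0 4
 password XXX
 login
line vty 5 15
 password XXX
 login
"""

def audit(config: str) -> list[str]:
    """Return findings for SSH login readiness and related hardening gaps."""
    findings = []
    lines = config.splitlines()
    aaa = any(l.strip() == "aaa new-model" for l in lines)
    if not any(re.match(r"username \S+ ", l) for l in lines):
        findings.append("no local username defined")
    # Collect the sub-commands configured under each "line vty" block.
    vty, current = {}, None
    for l in lines:
        if l.startswith("line vty"):
            current = l.strip()
            vty[current] = []
        elif current and l.startswith(" "):
            vty[current].append(l.strip())
        else:
            current = None
    for name, cmds in vty.items():
        # Plain "login" checks the line password only; SSH needs a username lookup.
        if not aaa and "login local" not in cmds:
            findings.append(f"{name}: no username lookup (needs 'login local' or 'aaa new-model')")
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: not restricted to SSH")
    if any(re.match(r"username \S+ .*password 0 ", l) for l in lines):
        findings.append("cleartext (type 0) user password in config")
    if any(l.strip() == "ip http server" for l in lines):
        findings.append("HTTP management server enabled")
    return findings
```

Running `audit(POSTED_CONFIG)` flags both vty blocks for the missing username lookup; prepending "aaa new-model" clears those two findings and leaves the remaining hardening items.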