Solved

SSH problem

Posted on 2007-12-04
Last Modified: 2012-06-21
Hi everybody! I have a new cisco catalyst 2950 switch. I have upgraded
today the IOS to support encryption and also I have enabled the SSH
server on the switch.
#configure terminal
#hostname switch
#ip domain name sky.com
#crypto key generate rsa

I'm trying to get connected to the switch using
SSH Tera Pro client. But when I'm prompted for authentication I cannot
figure out what are the default username and password. If there is one?
I have created username test with password test.
#username test privilege 15 password test
It doesn't work for me again. Probably I'm doing something wrong.
Anybody has an idea?
This is after #debug ip ssh
20:15:30: SSH2 0: input: padlen 11
20:15:30: SSH2 0: received packet type 50
20:15:30: SSH2 0: send: len 24 (includes padlen 5)
20:15:30: SSH2 0: done calc MAC out #6
20:15:30: SSH2 0: input: packet len 152
20:15:30: SSH2 0: partial packet 8, need 144, maclen 20
20:15:30: SSH2 0: MAC #12 ok
20:15:30: SSH2 0: input: padlen 6
20:15:30: SSH2 0: received packet type 2
20:15:40: SSH2 0: ssh_receive: 292 bytes received
20:15:40: SSH2 0: input: packet len 16
20:15:40: SSH2 0: partial packet 8, need 8, maclen 20
20:15:40: SSH2 0: MAC #13 ok
20:15:40: SSH2 0: input: padlen 6
20:15:40: SSH2 0: received packet type 2
20:15:40: SSH2 0: input: packet len 64
20:15:40: SSH2 0: partial packet 8, need 56, maclen 20
20:15:40: SSH2 0: MAC #14 ok
20:15:40: SSH2 0: input: padlen 11
20:15:40: SSH2 0: received packet type 50
20:15:40: SSH2 0: send: len 24 (includes padlen 5)
20:15:40: SSH2 0: done calc MAC out #7
20:15:40: SSH2 0: authentication failed for userid (code=1)
20:15:40: SSH0: Session disconnected - error 0x09
Thanks,
0
Question by:tombbonb
5 Comments
 
LVL 33

Expert Comment

by:Dave Howe
ID: 20404377
provided you have "aaa authentication login default local" set in your running config, the user/pass pair you set up should be used.
Do you want to dump any bits of your config that relate to authentication into the question?
0
 
LVL 1

Author Comment

by:tombbonb
ID: 20405162
Thanks for the reply but I'm not sure I understand what you mean by "aaa authentication login default local"

This is the switch config:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 XXXXXXXXX
!
username test privilege 15 password 0 test
errdisable recovery cause link-flap
errdisable recovery interval 60
ip subnet-zero
!
ip domain-name thirdsecurity.com
ip ssh time-out 60
ip ssh authentication-retries 2
udld aggressive
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
macro global description cisco-global
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
.
.
.
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.199 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
tftp-server flash c2950-i6k2l2q4-mz.121-22.EA10a.bin
tftp-server flash:
!
line con 0
 exec-timeout 0 0
line vty 0 4
 password XXX
 login
line vty 5 15
 password XXX
 login
!
end
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 20413547
12.1? try adding the following to your config:

aaa new-model

then ssh in again :)
0
 
LVL 1

Author Comment

by:tombbonb
ID: 20415397
Uauuu now it's working! :)
Can you please let me know what this command is actually doing?

Thanks,
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 20415540
aaa controls your authentication profile. In 12.1, just adding "aaa new-model" on its own forces use of local passwords - you could use a more complex aaa auth sequence, like the one I posted at first, but just declaring new-model will do all that is needful.

0
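
An added example (not part of the thread, and not Cisco tooling): a small Python check over a constructed excerpt of the config posted above, reporting which "line vty" blocks have no username source for an SSH login. It assumes, as the accepted answer states, that a bare "aaa new-model" falls back to local usernames; the function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the running-config posted in the question.
SAMPLE = """\
username test privilege 15 password 0 test
line con 0
 exec-timeout 0 0
line vty 0 4
 password XXX
 login
line vty 5 15
 password XXX
 login
"""

def vty_auth_sources(config):
    """Map each 'line vty' block to the credential source its logins will use."""
    aaa = re.search(r"^aaa new-model\s*$", config, re.M) is not None
    methods = re.search(r"^aaa authentication login default (.+)$", config, re.M)
    # Assumption taken from the accepted answer: bare 'aaa new-model' means local users.
    aaa_src = "aaa:" + (methods.group(1).strip() if methods else "local")
    sources, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # unindented line opens a new block
            current = line if line.startswith("line vty") else None
            if current:
                sources[current] = aaa_src if aaa else "line-password"
        elif current and not aaa:              # only 'login' / 'login local' are modelled
            if line == "login local":
                sources[current] = "local-users"
            elif line == "login":
                sources[current] = "line-password"
    return sources

def ssh_login_problems(config):
    """List vty blocks where an SSH username/password cannot be verified."""
    has_user = re.search(r"^username \S+", config, re.M) is not None
    problems = []
    for block, src in vty_auth_sources(config).items():
        if src == "line-password":
            problems.append(f"{block}: line password only, no username is checked")
        elif src in ("local-users", "aaa:local") and not has_user:
            problems.append(f"{block}: no 'username' entries to check against")
    return problems

if __name__ == "__main__":
    print("\n".join(ssh_login_problems(SAMPLE)) or "vty lines can authenticate SSH users")
```

Run against the posted config it flags both vty ranges; prepending "aaa new-model" or switching the lines to "login local" clears the findings.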
