SSH Issue got me stumped!

Posted on 2008-06-16
Last Modified: 2012-08-14
Hey Guys!

Any chance you could look at this for me!  I've posted the config below.  The problem is when I do the following:

conf t
line vty 0 4
transport input ssh

It all goes tits up! ;)  I disconnect from the router, then try and reconnect via ssh and it doesn't allow it!  It says connection refused.  I then have to call the site and get them to re-start the router to get access back!

I'm at a loss!  Any help would be appreciated!

Cheers,

Dave

Loughborough#show run
Building configuration...

Current configuration : 3591 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Loughborough
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 xxxxxxx.
enable password 7 xxxxxxxx
!
aaa new-model
!
!
aaa authentication banner ^C GB Building Solutions

WARNING : You have accessed a Computer
system operated by GB Building Solutions!

You are required to have a personal authorisation
from the System Administrator before you use this
system and you are strictly limited to the use set
out in that written authorisation. Unauthorised access
of a computer constitutes an offence under the
Computer Misuse Act 1990.

You must ensure your User password conforms to the
guidelines specified in the GB Computer Security Manual.

If you understand this message and have been authorised
o use this system please enter your username and password
below to continue this session.

Otherwise, you must disconnect from this session immediately.

^C
aaa authentication login TRAuthList group radius local
aaa authentication enable default group radius enable
aaa authorization network TRAuthList group radius local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
ip cef
!
!
ip domain name x.x.net
!
!
!
username netadmin privilege 15 password 7 xxxxxxx
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key xxxxxxxxx address xxx.xxx.xxx.xxx
crypto isakmp keepalive 300 30
!
!
crypto ipsec transform-set gbl-secure esp-3des esp-md5-hmac
!
crypto map to-GBLHQ 14 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set gbl-secure
 match address CryptoTraffic
!
!
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.203.26.1 255.255.255.0
 no ip mroute-cache
 hold-queue 100 out
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname blah@blah.com
 ppp chap password 7 xxxxxxxx
 ppp pap sent-username blah@blah.com password 7 xxxxxxxx
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map to-GBLHQ
 hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip access-list extended CryptoTraffic
 permit ip 10.203.26.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.203.26.0 0.0.0.255 host xxx.xxx.xxx.xxx
ip access-list extended TelnetAccess
 permit ip xxx.xxx.xxx.xxx 0.0.0.63 any
 permit ip 10.0.0.0 0.255.255.255 any
!
ip radius source-interface Vlan1
logging source-interface Vlan1
logging 10.1.6.36
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server community management RW
radius-server host 10.1.6.36 auth-port 1645 acct-port 1646 key 7 xxxxxxx
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class TelnetAccess in
 exec-timeout 120 0
 password 7 xxxxxxxxx
 logging synchronous
 login authentication TRAuthList
 length 0
!
scheduler max-task-time 5000
sntp server 10.1.1.1
sntp server 158.43.128.33
end

Question by:daveforster

Accepted Solution

by:
naughton earned 500 total points
ID: 21797288
conf t
ip domain-name
crypto key generate rsa
line vty 0 4
transport input ssh
exit

then try SSH connection.
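
A pre-change check for the lockout described in this thread, as an added example that is not part of the original posts: it reads a running-config and `show ip ssh` output and reports what is missing before the VTY lines are restricted to SSH. The function names, the trimmed config and the `show ip ssh` text are constructed for illustration; the exact wording of that output is an assumption about IOS 12.4.

```python
import re

# Constructed excerpt modelled on the config in the question, after the change.
RUNNING_CONFIG = """\
hostname Loughborough
ip domain name x.x.net
line vty 0 4
 access-class TelnetAccess in
 login authentication TRAuthList
 transport input ssh
"""
# Constructed `show ip ssh` output; wording assumed from typical IOS 12.4.
SHOW_IP_SSH_NO_KEY = "SSH Disabled - version 1.99\n%Please create RSA keys to enable SSH.\n"
SHOW_IP_SSH_READY = "SSH Enabled - version 1.99\nAuthentication timeout: 120 secs\n"


def vty_transports(config):
    """Map each 'line vty ...' header to its transport input list (None = default)."""
    result, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level command closes the previous block
            current = line.strip() if line.startswith("line vty") else None
            if current:
                result[current] = None
        elif current and line.strip().startswith("transport input "):
            result[current] = line.split()[2:]
    return result


def ssh_only_blockers(config, show_ip_ssh):
    """List what must be fixed before 'transport input ssh' is safe to apply."""
    blockers = []
    host = re.search(r"^hostname (\S+)", config, re.M)
    if not host or host.group(1) == "Router":
        blockers.append("hostname not set (needed to name the RSA key pair)")
    if not re.search(r"^ip domain[ -]name \S+", config, re.M):
        blockers.append("ip domain name not set (needed to name the RSA key pair)")
    if not re.search(r"^SSH Enabled", show_ip_ssh, re.M):
        blockers.append("SSH server disabled: run 'crypto key generate rsa' first")
    return blockers


def is_locked_out(config, show_ip_ssh):
    """True when a VTY line accepts only SSH while the SSH server is not running."""
    ssh_only = any(t == ["ssh"] for t in vty_transports(config).values())
    return ssh_only and not re.search(r"^SSH Enabled", show_ip_ssh, re.M)

if __name__ == "__main__":
    print(is_locked_out(RUNNING_CONFIG, SHOW_IP_SSH_NO_KEY), ssh_only_blockers(RUNNING_CONFIG, SHOW_IP_SSH_NO_KEY))
```
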

Author Closing Comment

by:daveforster
ID: 31467554
Man, I can't believe I forgot the crypto generation!!!  Doh!  It's been a LONG week and it's only Tuesday! ;)  Thanks for your help dude!  Much appreciated!

Cheers,

Dave