WannabeNerd
asked on
SSH Issue with Cisco Router
Hey,
I am configuring a router and I am stuck at getting the SSH going.
Using PuTTY I can connect via SSH, but I do not know what changes I need to make in order to connect or use SDM in HTTPS mode.
When I choose HTTPS mode on the prompt, i.e. "YOU ARE USING HTTP TO CONNECT TO THE ROUTER. A MORE SECURE PROTOCOL (HTTPS) IS AVAILABLE. CLICK OK TO USE HTTPS, OR CANCEL TO CONTINUE WITH HTTP."
I click OK to use HTTPS and I am prompted with the website security certificate. I then click the "Continue to this website" option.
I am prompted to enter a username and password, and when I do I get the following message:
THE NAME OF THE SITE DOES NOT MATCH THE NAME ON THE CERTIFICATE. DO YOU WANT TO CONTINUE.
where the name is 10.0.0.251 and for Publisher it says CISCO.BM.com.
I click OK and the message is repeated several times and eventually nothing happens.
I have created the RSA keys as well.
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name BM.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
username zebra privilege 15 secret 5 $1$RiS7$3i0WwpmdH81L19R6H6 lyi0
!
!
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 10.0.0.251 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description $ES_LAN$
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/3/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
banner motd
************************** ********** ********** ********** **********
THIS ROUTER IS A PRIVATE PROPERTY OF XYZ, UK.
************************** ********** ********** ********** **********
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line vty 0 4
privilege level 15
logging synchronous
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
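The name-mismatch warning quoted in the question, reproduced as an added example (not part of the original post or of any Cisco tool). It follows the RFC 2818 rule that a host typed as an IP address is checked only against iPAddress subjectAltName entries; the function names and the simplified wildcard handling are assumptions made for illustration.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive DNS match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_matches(url_host, dns_names=(), ip_sans=()):
    """Return True if the host typed in the URL is covered by the certificate."""
    if _is_ip(url_host):
        # An IP literal is compared only against iPAddress SAN entries,
        # never against DNS names in the certificate.
        want = ipaddress.ip_address(url_host)
        return any(ipaddress.ip_address(ip) == want for ip in ip_sans)
    return any(_dns_match(name, url_host) for name in dns_names)

# Values taken from the question: the URL uses the router's IP, while the
# certificate carries hostname + "ip domain name" from the posted config.
ROUTER_IP = "10.0.0.251"
CERT_NAME = "CISCO.BM.com"

def demo():
    return {
        "by_ip": cert_matches(ROUTER_IP, dns_names=[CERT_NAME]),
        "by_name": cert_matches("cisco.bm.com", dns_names=[CERT_NAME]),
        # Constructed case: the same certificate with an iPAddress SAN added.
        "by_ip_with_ip_san": cert_matches(ROUTER_IP, [CERT_NAME], [ROUTER_IP]),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'match' if ok else 'NAME MISMATCH'}")
```

Clicking through the warning accepts an unverified certificate, so the durable fix is to browse to a name the certificate actually carries or to issue a certificate that carries the address.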
ASKER CERTIFIED SOLUTION
Don't know if router requires a reboot after that.
You might try:
no ip http secure-server
no ip http server
ip http server
ip http secure-server
To restart the HTTPS service on the router.
ASKER
Will try that first thing tomorrow and let you know.
Thanks
ASKER
I rebooted the router after applying the changes.
I still can't connect using HTTPS, although this time I don't get the warning message THE NAME OF THE SITE DOES NOT MATCH THE NAME ON THE CERTIFICATE. DO YOU WANT TO CONTINUE.
It goes straight to the SDM launch page, where it says "loading Cisco SDM", and eventually times out.
SDM is installed on the PC as well as on the flash.
When I connect using the PC SDM, selecting an HTTPS connection, it prompts me for a username and password, and I can log in without a problem.
It's only when I put the IP address in the URL tab to get to the router SDM that I am facing the above problem.
Any ideas!!
SOLUTION
ASKER
Yes, thanks!
As soon as I changed to an older version of Java, it worked, but does it mean that whenever I try to connect to the router from different machines using a secure connection, I need to downgrade Java every time?
It's daft. :-)
Thanks!
ASKER
Followed the paper step by step but still the same result. Am I supposed to install the certificate on the PC? No idea.
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint tti
revocation-check crl
rsakeypair tti
!
crypto pki trustpoint LOCAL
enrollment selfsigned
serial-number
ip-address 10.0.0.251
revocation-check crl
!
!
crypto pki certificate chain tti
crypto pki certificate chain LOCAL
certificate self-signed 49
quit
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name BM.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
username zebra privilege 15 secret 5 $1$RiS7$3i0WwpmdH81L19R6H6
!
!
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$I
ip address 10.0.0.251 255.255.255.0
ip access-group 100 in
duplex auto
speed auto
!
interface FastEthernet0/1
description $ES_LAN$
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/3/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
banner motd
**************************
THIS ROUTER IS A PRIVATE PROPERTY OF XYZ, UK.
**************************
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line vty 0 4
privilege level 15
logging synchronous
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end