Solved

SSH Issue with Cisco Router

Posted on 2009-04-09
Last Modified: 2012-05-06
Hey,
I am configuring a router and I am stuck at getting the SSH going.
Using PuTTY I can connect via SSH, but I do not know what changes I need to do in order to connect or use SDM in HTTPS mode.
When I choose HTTPS mode on the prompt I.E "YOU ARE USING HTTP TO CONNECT TO THE ROUTER. A MORE SECURE PROTOCOL (HTTPS) IS AVAILABLE. CLICK OK TO USE HTTPS, OR CANCEL TO CONTINUE WITH HTTP."
I click OK to use HTTPS and I am prompted with the website security certificate. I then click the Continue to this website option.
I am prompted to enter username and password, which when I do I get the following message:
THE NAME OF THE SITE DOES NOT MATCH THE NAME ON THE CERTIFICATE. DO YOU WANT TO CONTINUE.
where name is 10.0.0.251 and Publisher it says CISCO.BM.com.

I click OK and the message is repeated several times and eventually nothing happens.

I have created the rsa keys as well.

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name BM.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
username zebra privilege 15 secret 5 $1$RiS7$3i0WwpmdH81L19R6H6lyi0
!
!
!
archive
 log config
  hidekeys
!
!
ip ssh version 2
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 10.0.0.251 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ES_LAN$
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/3/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
banner motd  
******************************************************************
THIS ROUTER IS A PRIVATE PROPERTY OF XYZ, UK.
******************************************************************
 
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 privilege level 15
 logging synchronous
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

Question by:WannabeNerd
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 24108539
0
 

Author Comment

by:WannabeNerd
ID: 24108877
Thanks,
Followed the paper step by step but still the same result. Am I supposed to install the certificate on the PC? No idea?



!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint tti
 revocation-check crl
 rsakeypair tti
!
crypto pki trustpoint LOCAL
 enrollment selfsigned
 serial-number
 ip-address 10.0.0.251
 revocation-check crl
!
!
crypto pki certificate chain tti
crypto pki certificate chain LOCAL
 certificate self-signed 49
        quit
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name BM.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
username zebra privilege 15 secret 5 $1$RiS7$3i0WwpmdH81L19R6H6lyi0
!
!
!
archive
 log config
  hidekeys
!
!
ip ssh version 2
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 10.0.0.251 255.255.255.0
 ip access-group 100 in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ES_LAN$
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/3/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
banner motd  
******************************************************************
THIS ROUTER IS A PRIVATE PROPERTY OF XYZ, UK.
*******************************************************************************
 
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 privilege level 15
 logging synchronous
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

0
 
LVL 28

Expert Comment

by:asavener
ID: 24108958
Don't know if router requires a reboot after that.

You might try:

no ip http secure-server
no ip http server
ip http server
ip http secure-server

To restart the HTTPS service on the router.
0

Author Comment

by:WannabeNerd
ID: 24108970
Will try that first thing tomorrow and let you know.
Thanks
0
 

Author Comment

by:WannabeNerd
ID: 24114072
I rebooted the router after applying the changes.
I still can't connect using HTTPS, although this time I don't get the warning message THE NAME OF THE SITE DOES NOT MATCH THE NAME ON THE CERTIFICATE. DO YOU WANT TO CONTINUE.

It goes straight to the SDM launch page, where it says loading Cisco SDM, and eventually times out.

SDM is installed on the PC as well as on the flash.
When I connect using the PC SDM, selecting HTTPS connection, it prompts me for a username and password, and I can log in without a problem.
It's only when I put the IP address in the URL tab to get to the router SDM that I am facing the above problem.

Any ideas?
0
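The warning reported in this thread compares the host typed into the browser (10.0.0.251) with the names on the router's certificate (CISCO.BM.com before the trustpoint was added). As an added example, not part of any post above and not Cisco tooling, this Python script reads a running-config and checks whether a given host is among the names the config supplies; it assumes those names are the `hostname` plus `ip domain name` pair and any `ip-address` set on a self-signed trustpoint, and the config excerpts and function names are constructed for illustration.

```python
# Constructed excerpts of the two running-configs posted in this thread.
CONFIG_BEFORE = """\
hostname CISCO
ip domain name BM.com
"""
CONFIG_AFTER = CONFIG_BEFORE + """\
crypto pki trustpoint tti
 revocation-check crl
 rsakeypair tti
crypto pki trustpoint LOCAL
 enrollment selfsigned
 serial-number
 ip-address 10.0.0.251
 revocation-check crl
"""

def parse_identity(config):
    """Return the router FQDN and the trustpoints found in a running-config."""
    hostname = domain = current = None
    info = {"trustpoints": {}}
    for line in config.splitlines():
        words = line.split()
        if line.startswith(" ") and current:
            # Indented line: sub-command of the trustpoint being parsed.
            if words[:1] == ["ip-address"] and len(words) == 2:
                info["trustpoints"][current]["ip"] = words[1]
            elif words == ["enrollment", "selfsigned"]:
                info["trustpoints"][current]["selfsigned"] = True
            continue
        current = None
        if words[:1] == ["hostname"] and len(words) == 2:
            hostname = words[1]
        elif words[:3] == ["ip", "domain", "name"] and len(words) == 4:
            domain = words[3]
        elif words[:3] == ["crypto", "pki", "trustpoint"] and len(words) == 4:
            current = words[3]
            info["trustpoints"][current] = {"ip": None, "selfsigned": False}
    info["fqdn"] = ".".join(p for p in (hostname, domain) if p) or None
    return info

def host_matches(config, host):
    """True if `host` is among the names the config gives the certificate (assumed)."""
    info = parse_identity(config)
    names = {info["fqdn"].lower()} if info["fqdn"] else set()
    names |= {t["ip"] for t in info["trustpoints"].values() if t["selfsigned"] and t["ip"]}
    return host.lower() in names

if __name__ == "__main__":
    for label, cfg in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        print(label, "10.0.0.251 matches:", host_matches(cfg, "10.0.0.251"))
```

Run against a full `show running-config` capture, the same functions work unchanged because unrelated lines are ignored.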
 
LVL 28

Assisted Solution

by:asavener
asavener earned 500 total points
ID: 24115221
I've seen the SDM timeout issue on other threads; others have had success with a) clearing browser cache, b) reinstalling Java, c) installing an older version of Java.
0
 

Author Comment

by:WannabeNerd
ID: 24116596
Yes, thanks!
As soon as I changed to an older version of Java, it worked, but does it mean that whenever I try to connect to the router from different machines using a secure connection, I need to downgrade Java every time?
It's daft. :-)

Thanks!
0
