SSH ver 2 issue

trinidadmd
Hi,

Having issues trying to SSH ver 2 into my switch and router, setting up encryption keys. I don't have a problem with creating SSH in the labs I watch from CBT Nuggets, but I found that my issue is with authentication. Once I put these two commands in I can log in....

aaa new-model
aaa authentication login
but it doesn't prompt me with a username. But I'm able to SSH into the router now; before I had these commands it would just time out. I'll attach my config file. This is really frustrating me now, because it's affecting my other labs for logging in securely via IE using SDM. Any help I would greatly appreciate.

I have a 1811 Wireless Router....

1811W_Router#sho run
Building configuration...

Current configuration : 4249 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1811W_Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$MBc0$D91CJmJ584aw35JptHKk3/
!
aaa new-model
!
!
aaa authentication login userauthenticate local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-3991264134
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3991264134
 revocation-check none
 rsakeypair TP-self-signed-3991264134
!
!
crypto pki certificate chain TP-self-signed-3991264134
 certificate self-signed 01
  30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33393931 32363431 3334301E 170D3131 30353133 32333036
  31315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39393132
  36343133 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100CFF7 7A9AF906 2E9D14F4 C4A5BC14 4CFAE567 30093DC6 5985BD99 75C03451
  F99E9E8B 6C1B3DEA 2178CD2C E624249A CDE2035D 248F2C0F 2F4DD2B8 CE719EAA
  4BFF74C5 059C4134 9A8E36F0 739E841C 58C3A033 87B96165 BA377827 F1EED163
  53B00CD6 F62C5049 0B5F9A03 94693984 C39C1CAB C210CA2C A1F9C322 0F61E929
  92730203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
  551D1104 1D301B82 19313831 31575F52 6F757465 722E5452 494E4944 41442E43
  4F4D301F 0603551D 23041830 16801472 C8BA7CBA 8E39B59A B754D8E0 4C40688C
  DAF7EF30 1D060355 1D0E0416 041472C8 BA7CBA8E 39B59AB7 54D8E04C 40688CDA
  F7EF300D 06092A86 4886F70D 01010405 00038181 00796032 5DC651F7 BB2C00CC
  D2E56006 DB9425F4 4D0BF1C6 68437B64 51C02592 3159AEA7 41F45164 31B74D14
  2A8CA2E7 39A9AE7A 83743BD8 0D534424 35169099 CFAFFD6F 5918AB53 FF8E34D6
  5345D051 1FBE6BDC B20854B8 4CB5B220 C6BD6115 C47BF50E 24ADF9A4 8031902D
  307C3291 2C46FE96 8744E07E B179E79D 17B1FB56 48
        quit
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.29
ip dhcp excluded-address 192.168.1.131 192.168.1.254
!
ip dhcp pool LAN_Addresses
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 4.2.2.2
   default-router 192.168.1.1
   lease 0 5
!
!
ip cef
no ip domain lookup
ip domain name TRINIDAD.COM
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username mike privilege 15 secret 5 $1$89Aj$4KOJKm3MV.YYrKt7GHWZT.
!
!
!
archive
 log config
  hidekeys
!
!
ip ssh version 2
!
!
!
interface FastEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio1
 no ip address
 shutdown
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
!
interface Async1
 no ip address
 encapsulation slip
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
!
!
!
!
!
control-plane
!
banner exec ^CC
****************************
DO NOT ACCESS EXEC         *
****************************
^C
banner login ^CC
****************************
NO ACCESS LOGIN            *
****************************
^C
banner motd ^CC
****************************
DO NOT LOGIN MOTD          *
****************************
^C
!
line con 0
 exec-timeout 20 0
 password 7 070C2E425D061500
 logging synchronous
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 exec-timeout 20 0
 password 7 094047071C13030B5B58
 logging synchronous
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 exec-timeout 20 0
 password 7 104200170001061259557F
 logging synchronous
 transport input telnet ssh
 transport output telnet ssh
!
end
Commented:
You do not need aaa to login via ssh; you can use login local

line vty 5 15
 password cisco
 login local
 transport input ssh


However, what you have in your config is the minimum set of commands required for SSH and AAA login.

Can you provide the output of show ip ssh?


Thanks

Author

Commented:
Here is what I got with the show ip ssh command:

SSH Enabled - version 2.0
Authentication timeout: 120 sec ; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits

OK, I tried to put "login local" on line vty 5 15,

but I receive "invalid input detected" for local. When I type "local ?" I only see these two options: "authentication" or "ctrlc-disable".

I'm new to networking and am trying to figure this out. The only reason I put.......

aaa new-model
!
!
aaa authentication login userauthenticate local

was because without this I was able to telnet with no issues, but when trying SSH I was being prompted with username and password for login via Tera Term, but
login was not allowing me to gain access. As soon as I added the aaa command I was able to get to the remote without being kicked off. Any ideas?
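The two fixes discussed in this thread side by side, as an added example that is not from the poster or the expert: a small Python linter that splits an IOS running-config into line sections and flags the points raised above. The three sample configs are constructed (a trimmed slice of the poster's config with the hashes replaced by PLACEHOLDER, a hardened AAA variant, and the expert's non-AAA variant); the rule names and messages are mine, not a Cisco tool's. It encodes why "login local" was rejected: once `aaa new-model` is on, the per-line command becomes `login authentication <list-name>`, and the named list `userauthenticate` does nothing until a vty line applies it; with no list applied and no `default` list defined, IOS checks the local username database, which is why the login still worked. It also flags what the expert's snippet already changes (`transport input ssh` instead of `telnet ssh`) plus the reversible type 7 line passwords and the cleartext `ip http server` left in the posted config.

```python
"""Lint a Cisco IOS running-config for the vty/SSH login points raised in this thread.
Added example: rules and the three constructed sample configs are mine, not a Cisco tool;
PLACEHOLDER stands in for the real hashes."""
import re
from typing import Dict, List, Set, Tuple


def parse_ios(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (top-level lines, {header: [indented sub-commands]}); '!' ends a block."""
    top: List[str] = []
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
            continue
        if raw[0] in " \t":  # indented: sub-command of the current header
            if current is not None:
                sections[current].append(raw.strip())
            continue
        current = raw.strip()
        top.append(current)
        sections.setdefault(current, [])
    return top, sections


def _names(pattern: str, lines: List[str]) -> Set[str]:
    """Group 1 of every line matching pattern (e.g. AAA method-list names)."""
    return {m.group(1) for m in map(re.compile(pattern).match, lines) if m}


def audit(config: str) -> List[str]:
    """Findings as 'CODE [scope]: why'; an empty list means nothing was flagged."""
    top, sections = parse_ios(config)
    aaa = "aaa new-model" in top
    lists = _names(r"aaa authentication login (\S+)", top)
    out: List[str] = []
    if "ip ssh version 2" not in top:
        out.append("SSH-V1 [global]: 'ip ssh version 2' missing, SSHv1 may be negotiated")
    if "ip http server" in top:
        out.append("HTTP-PLAIN [global]: cleartext 'ip http server' enabled; keep only secure-server")
    for hdr, kids in sections.items():
        if not hdr.startswith("line "):
            continue
        if any(k.startswith("password 7 ") for k in kids):
            out.append(f"TYPE7 [{hdr}]: line password uses reversible type 7 encoding")
        if not hdr.startswith("line vty"):
            continue
        ti = next((k for k in kids if k.startswith("transport input")), None)
        if ti is None:
            out.append(f"VTY-TRANSPORT-UNSET [{hdr}]: no explicit 'transport input ssh'")
        elif "telnet" in ti or ti.endswith(" all"):
            out.append(f"VTY-TELNET [{hdr}]: '{ti}' still permits cleartext telnet")
        if aaa:
            # With aaa new-model the line command is 'login authentication <list>';
            # 'login local' is rejected, which is the 'invalid input' the poster hit.
            if "login local" in kids:
                out.append(f"AAA-LOGIN-LOCAL [{hdr}]: 'login local' is invalid under aaa new-model")
            applied = _names(r"login authentication (\S+)", kids)
            if not applied and "default" not in lists:
                out.append(f"AAA-LIST-UNUSED [{hdr}]: no 'login authentication' on the line and no "
                           f"default list, so named lists {sorted(lists)} are never consulted")
            for name in sorted(applied - lists):
                out.append(f"AAA-LIST-MISSING [{hdr}]: list '{name}' applied but never defined")
        elif "login local" not in kids:
            out.append(f"VTY-NO-LOGIN-LOCAL [{hdr}]: without AAA, 'login local' is needed for a username prompt")
    return out


def codes(config: str) -> List[str]:
    """Sorted finding codes, handy for comparing two configs."""
    return sorted(f.split(" ", 1)[0] for f in audit(config))


# Constructed sample 1: the relevant slice of the poster's config.
ORIGINAL = """\
aaa new-model
aaa authentication login userauthenticate local
username mike privilege 15 secret 5 PLACEHOLDER
ip ssh version 2
ip http server
ip http secure-server
line vty 0 4
 password 7 PLACEHOLDER
 transport input telnet ssh
line vty 5 15
 password 7 PLACEHOLDER
 transport input telnet ssh
"""
# Constructed sample 2: AAA kept, named list applied to the line, telnet and plain HTTP off.
HARDENED_AAA = """\
aaa new-model
aaa authentication login userauthenticate local
username mike privilege 15 secret 5 PLACEHOLDER
ip ssh version 2
no ip http server
ip http secure-server
line vty 0 4
 login authentication userauthenticate
 transport input ssh
"""
# Constructed sample 3: the expert's route, no AAA and 'login local' on the line.
NO_AAA = """\
username mike privilege 15 secret 5 PLACEHOLDER
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("hardened aaa", HARDENED_AAA), ("no aaa", NO_AAA)):
        print(f"== {name}: {len(audit(cfg))} finding(s)")
        print("\n".join("  " + f for f in audit(cfg)) or "  clean")
```

Run it against a saved `show run` (with the certificate block it parses fine, since the hex lines are indented under the `certificate` header and ignored). The original slice produces seven findings; both corrected variants produce none.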

Author

Commented:
Never mind, I blew out my router and was able to put this command in afterwards. Thanks for your help; not sure why it was preventing me from putting this login command in before. But thanks again, looks like I'm good to go. I really appreciate it.
