Hi,
Having issues trying to SSH ver2 into my switch and router, setting up encryption keys. I don't have a problem with creating SSH with the labs I watch from CBT Nuggets. But I found that my issue is with authentication. Once I put these two commands in I can log in....
aaa new-model
aaa authentication login
but it doesn't prompt me for a username. But I'm able to SSH into the router now; before, when I didn't have these commands, it would just time out. I'll attach my config file. This is really frustrating me now, because it's affecting my other labs for logging in securely via IE using SDM. Any help I would greatly appreciate.
I have a 1811 Wireless Router....
1811W_Router#sho run
Building configuration...
Current configuration : 4249 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1811W_Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$MBc0$D91CJmJ584aw35JptHKk3/
!
aaa new-model
!
!
aaa authentication login userauthenticate local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-3991264134
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3991264134
revocation-check none
rsakeypair TP-self-signed-3991264134
!
!
crypto pki certificate chain TP-self-signed-3991264134
certificate self-signed 01
quit
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.29
ip dhcp excluded-address 192.168.1.131 192.168.1.254
!
ip dhcp pool LAN_Addresses
import all
network 192.168.1.0 255.255.255.0
dns-server 4.2.2.2
default-router 192.168.1.1
lease 0 5
!
!
ip cef
no ip domain lookup
ip domain name TRINIDAD.COM
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username mike privilege 15 secret 5 $1$89Aj$4KOJKm3MV.YYrKt7GHWZT.
!
!
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1
no ip address
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
interface Async1
no ip address
encapsulation slip
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
!
!
!
!
!
control-plane
!
banner exec ^CC
****************************
DO NOT ACCESS EXEC *
****************************
^C
banner login ^CC
****************************
NO ACCESS LOGIN *
****************************
^C
banner motd ^CC
****************************
DO NOT LOGIN MOTD *
****************************
^C
!
line con 0
exec-timeout 20 0
password 7 070C2E425D061500
logging synchronous
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
exec-timeout 20 0
password 7 094047071C13030B5B58
logging synchronous
transport input telnet ssh
transport output telnet ssh
line vty 5 15
exec-timeout 20 0
password 7 104200170001061259557F
logging synchronous
transport input telnet ssh
transport output telnet ssh
!
end
ASKER
SSH Enabled - version 2.0
Authentication timeout: 120 sec ; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
OK, I tried to put "login local" for line vty 5 15,
but I receive "invalid input detected" for local. When I type "local ?" I only see these two: "options authentication" or "ctrlc-disable".
I'm new to networking and am trying to figure this out. The only reason I put.......
aaa new-model
!
!
aaa authentication login userauthenticate local
was because without this I was able to telnet with no issues, but when trying SSH I was being prompted for a username and password for login via Tera Term, but
login was not allowing me to gain access. As soon as I added the aaa command I was able to get to the remote without being kicked off. Any ideas?
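
An added example, not part of the original post and not Cisco tooling: a small Python check that reads an IOS running-config and reports named `aaa authentication login` lists that no line references with `login authentication <name>`, plus lines whose `transport input` still permits telnet. The sample config is a constructed excerpt modelled on the one posted above (hashes replaced by placeholders), and the function name `audit_login_auth` is hypothetical.

```python
import re

# Constructed excerpt mirroring the AAA and line sections of the posted config.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login userauthenticate local
username mike privilege 15 secret 5 <hash>
ip ssh version 2
!
line con 0
 password 7 <redacted>
line vty 0 4
 password 7 <redacted>
 transport input telnet ssh
line vty 5 15
 password 7 <redacted>
 transport input telnet ssh
!
end
"""

def audit_login_auth(config: str) -> dict:
    """Find AAA login lists never applied to a line, and lines allowing telnet."""
    defined, applied, telnet_lines = set(), set(), []
    current_line = None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+)", text)
        if m:
            defined.add(m.group(1))
        if text.startswith("line "):
            current_line = text          # start of a "line con/aux/vty" block
        elif text in ("!", "end"):
            current_line = None          # separator closes the block
        if current_line is None:
            continue
        m = re.match(r"login authentication (\S+)", text)
        if m:
            applied.add(m.group(1))
        words = text.split()
        # "transport input all" permits telnet as well
        if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
            telnet_lines.append(current_line)
    # A line with no "login authentication <name>" uses the "default" list,
    # so a named list that is never referenced has no effect on any line.
    unused = sorted(defined - applied - {"default"})
    return {"unused_lists": unused, "telnet_lines": telnet_lines}
```
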