leblanc


ssh setup on Cisco switch

I am trying to set up SSH and it does not seem to work. I am using SecureCRT and it timed out. What am I missing? Below are the commands that I used in my config:

hostname sw1
ip domain-name www.mydomain.com
crypto key generate rsa
username cisco privilege 15 secret MYPWD
aaa new-model
aaa authentication login default local
ip ssh version 2
line vty 0 4
transport input ssh telnet
ip ssh version 2

When I did show crypto key mypubkey rsa, I can see my key:

% Key pair was generated at: 16:41:20 EST Dec 25 2016
Key name: HTTPS_SS_CERT_KEYPAIR.server
Temporary key
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  307C377A ...
jmac44

Is the router firewalled? If so, CBAC or ZBFW? What's the model and IOS version?

You're probably just missing a few steps. Try this link and compare it to your config.

http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

Can you post your config?

Otherwise it may be an ACL setting.
leblanc

ASKER

I can ssh to that switch from another switch but I have to enter this whole command: ssh -l cisco 10.10.10.1. Also, it did not ask me for the username. It just had the password prompt.

I got the error below when I use the "ssh 10.10.10.1" command:
% No user specified nor available for SSH client

PS. There are no ACLs in the config
To prompt you for login you need to add "Login Local" under "line vty 0 4"

ASKER

I thought that when you have aaa new-model, it will prompt you for the username in your local db.
ssh -l cisco 10.10.10.1 specifies username cisco :)
So, you provided username to be checked against local database, you were just prompted for password.
If you try to telnet to device, you will be prompted for username and password.
If you want to be prompted for username and password you will need to remove aaa.
no aaa new-model
line vty 0 4
 login local

If aaa is activated login local is not available under vty interfaces.

ASKER

Ok. So my question is I can ssh to this switch from another switch but I cannot ssh to it from Putty. I access the switch via VPN. Does it mean that I may have been blocked from the FW? I can telnet to the switch without any problem. Thx
ASKER CERTIFIED SOLUTION
Predrag Jovic

ASKER

How do I check if the FW is blocking port 22 or maybe my IP address?

Also, how about the console port? I am using aaa. So if I connect to the console port now, it will ask me for password as well? Currently, I don't see any configuration under line con 0. Thx
SOLUTION

ASKER

It was my IP address. It is now fixed.
How about the console port? I do not need to configure transport input ssh. Correct?
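A consolidated version of the SSH setup discussed in this thread, added here as an editor's example rather than any poster's own config; hostname, domain name, username and password are the thread's placeholders, and the 2048-bit modulus is an assumption.

```cisco
! Hostname and domain name must both exist before the RSA key is generated;
! the general-purpose key pair SSH uses is named <hostname>.<domain-name>.
hostname sw1
ip domain-name www.mydomain.com
!
! Generate the SSH host key (modulus size is an assumption). The
! HTTPS_SS_CERT_KEYPAIR key shown in the thread belongs to the HTTP server
! and is not the key SSH uses.
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Local account used for vty and console logins.
username cisco privilege 15 secret MYPWD
!
! Variant A (as in the thread): AAA with the local database. The command is
! "aaa new-model" (hyphenated). With AAA active the default login list applies
! to every line, so "login local" is not accepted under the vty lines.
aaa new-model
aaa authentication login default local
!
! Variant B (mutually exclusive with Variant A, as the reply above describes):
!   no aaa new-model
!   line vty 0 4
!    login local
!
! Allow SSH only; "telnet" can be dropped once SSH is verified working.
line vty 0 4
 transport input ssh
!
! Console: "transport input" does not apply to line con 0. Under Variant A the
! default AAA login list prompts for the local username and password here too.
line con 0
```

Once applied, "show ip ssh" confirms the version and "show crypto key mypubkey rsa" should list the sw1.www.mydomain.com key pair.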
SOLUTION