leblanc
asked on
ssh setup on Cisco switch
I am trying to set up SSH and it does not seem to work. I am using SecureCRT and it timed out. What am I missing? Below are the commands that I used in my config:
hostname sw1
ip domain-name www.mydomain.com
crypto key generate rsa
username cisco privilege 15 secret MYPWD
aaa new-model
aaa authentication login default local
ip ssh version 2
line vty 0 4
transport input ssh telnet
ip ssh version 2
When I did show crypto key mypubkey rsa, I can see my key:
% Key pair was generated at: 16:41:20 EST Dec 25 2016
Key name: HTTPS_SS_CERT_KEYPAIR.server
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
307C377A ...
ASKER
I can ssh to that switch from another switch but I have to enter this whole command: ssh -l cisco 10.10.10.1. Also, it did not ask me for the username. It just had the password prompt.
I got the error below when I use the "ssh 10.10.10.1" command:
% No user specified nor available for SSH client
PS. There are no ACLs in the config
To prompt you for login you need to add "Login Local" under "line vty 0 4"
ASKER
I thought that when you have aaa new-model, it will prompt you for the username in your local db.
ssh -l cisco 10.10.10.1 specifies username cisco
:)
So, you provided the username to be checked against the local database; you were just prompted for the password.
If you try to telnet to the device, you will be prompted for username and password.
If you want to be prompted for username and password you will need to remove aaa.
no aaa new-model
line vty 0 4
login local
If aaa is activated, login local is not available under vty interfaces.
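Added example, not from this thread or from Cisco: a small Python audit that parses an IOS-style running config and flags the points raised above (missing ip domain-name, SSH not pinned to version 2, aaa new-model without a login method, vty lines still accepting telnet, and console or vty lines with no login when aaa is off). The sample config is constructed from the asker's commands; treating a vty with no transport input line as unrestricted is an assumption.

```python
# Constructed sample: the asker's commands plus a console line with no sub-commands.
SAMPLE_CONFIG = """\
hostname sw1
ip domain-name www.mydomain.com
aaa new-model
aaa authentication login default local
username cisco privilege 15 secret MYPWD
ip ssh version 2
line con 0
line vty 0 4
 transport input ssh telnet
"""

def parse_config(config):
    """Split an IOS-style config into global commands and per-'line' sub-commands."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            line_blocks[current].append(raw.strip())  # indented: part of a line block
        elif raw.startswith("line "):
            current = raw.strip()
            line_blocks.setdefault(current, [])
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, line_blocks

def audit_remote_access(config):
    """Return a list of findings; an empty list means none of the checks fired."""
    global_cmds, line_blocks = parse_config(config)
    findings = []
    if not any(c.startswith("ip domain-name ") for c in global_cmds):
        findings.append("missing ip domain-name (required before crypto key generate rsa)")
    if "ip ssh version 2" not in global_cmds:
        findings.append("ip ssh version 2 not set")
    aaa = "aaa new-model" in global_cmds
    if aaa and not any(c.startswith("aaa authentication login ") for c in global_cmds):
        findings.append("aaa new-model without an aaa authentication login method")
    for name, cmds in line_blocks.items():
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if name.startswith("line vty"):
            # Assumption: a vty with no transport input line is treated as unrestricted.
            if not transports or transports[-1] != ["ssh"]:
                findings.append(f"{name}: transport input is not restricted to ssh")
            if not aaa and "login local" not in cmds:
                findings.append(f"{name}: without aaa, add login local to use the local user database")
        elif name.startswith("line con") and not aaa and not has_login:
            findings.append(f"{name}: console has no login configured")
    return findings
```

Run it against the output of show running-config; the only finding on the sample is the vty line that still accepts telnet alongside ssh.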
ASKER
Ok. So my question is I can ssh to this switch from another switch but I cannot ssh to it from Putty. I access the switch via VPN. Does it mean that I may have been blocked from the FW? I can telnet to the switch without any problem. Thx
ASKER CERTIFIED SOLUTION
ASKER
How do I check if the FW is blocking port 22 or may be my IP address?
Also, how about the console port? I am using aaa. So if I connect to the console port now, it will ask me for password as well? Currently, I don't see any configuration under line con 0. Thx
SOLUTION
ASKER
It was my IP address. It is now fixed.
How about the console port? I do not need to configure transport input ssh. Correct?
SOLUTION
You're probably just missing a few steps. Try this link and compare it to your config.
http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html
Can you post your config?
Otherwise it may be an ACL setting.