Options
ssh into Cisco switch from Linux fails with "permission denied"
sendalot
Member Posts: 328
in CCNA & CCENT
ssh into Cisco switch from Linux fails with "permission denied."
I think I'm putting in the right password, etc
Below is the config.
Building configuration...
Current configuration : 2999 bytes
!
! Last configuration change at 21:42:56 UTC Thu Jul 10 2014
! NVRAM config last updated at 21:43:04 UTC Thu Jul 10 2014
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname InternalSW
!
boot-start-marker
boot-end-marker
!
enable secret 4 ZoZY/YnRA2pRghd7uPpn1MGfksY/RHlCI4yhlSLmreI
enable password 7 08324147051C5444405F58
!
username internal password 7 105D0410091243585E50
aaa new-model
!
!
aaa session-id common
switch 1 provision ws-c2960x-48ts-l
!
!
ip domain-name switch.internal.com
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh version 2
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
switchport access vlan 8
!
interface GigabitEthernet1/0/36
switchport access vlan 8
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
!
interface Vlan1
no ip address
!
interface Vlan8
ip address 172.20.1.1 255.240.0.0
!
ip default-gateway 172.20.1.1
ip http server
ip http secure-server
!
!
!
!
!
!
line con 0
line vty 0 4
password 7 08324147051C5444405F
transport input ssh
line vty 5
password 7 08324147051C5444405F
transport input ssh
line vty 6 15
password 7 071C2C45420C48564546
transport input ssh
!
end
I think I'm putting in the right password, etc
Below is the config.
Building configuration...
Current configuration : 2999 bytes
!
! Last configuration change at 21:42:56 UTC Thu Jul 10 2014
! NVRAM config last updated at 21:43:04 UTC Thu Jul 10 2014
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname InternalSW
!
boot-start-marker
boot-end-marker
!
enable secret 4 ZoZY/YnRA2pRghd7uPpn1MGfksY/RHlCI4yhlSLmreI
enable password 7 08324147051C5444405F58
!
username internal password 7 105D0410091243585E50
aaa new-model
!
!
aaa session-id common
switch 1 provision ws-c2960x-48ts-l
!
!
ip domain-name switch.internal.com
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh version 2
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
switchport access vlan 8
!
interface GigabitEthernet1/0/36
switchport access vlan 8
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
!
interface Vlan1
no ip address
!
interface Vlan8
ip address 172.20.1.1 255.240.0.0
!
ip default-gateway 172.20.1.1
ip http server
ip http secure-server
!
!
!
!
!
!
line con 0
line vty 0 4
password 7 08324147051C5444405F
transport input ssh
line vty 5
password 7 08324147051C5444405F
transport input ssh
line vty 6 15
password 7 071C2C45420C48564546
transport input ssh
!
end
Comments
-
Options
VinnyCisco
Member Posts: 176
I do not see the "login local" command set in your VTY lines. That needs to be entered into your VTY lines. The login local command is what directs the login to look at the local username and password."Failure is the prerequisite of Success" - V. G. -
Optionslrb
Member Posts: 526
The box is running AAA (aaa new-model) but there is no default authentication method for the VTY lines (unless I'm going blind!). To get some basic access using the local user database you can use the following command.
aaa authentication login default group local
-
Optionssendalot
Member Posts: 328
I'll apply those soon. Thank you.
By the way, I tried "ssh internal@172.20.1.1" and "ssh 172.20.1.1"
Do those seem right in CentOS terminal?
Thanks.