Configuring SSH

sub-zero Member Posts: 23 ■□□□□□□□□□
Hi Guys,

Started studying for my ICND1 and am a total newb to the Cisco world.

I purchased a Cisco 3750 -24TS switch and am trying to configure SSH.

When I enter the command #crypto key generate rsa I get the below error:

Lab(config)#ip domain-Name EXAMPLE.COM
Lab(config)#CRY?
% Unrecognized command
Lab(config)#CRY
Lab(config)#Crypto key generate rsa
^
% Invalid input detected at '^' marker.

Lab(config)#

What is the reason for this? Could it be the IOS? If so, how do I check the current version or upgrade?

Thanks.

Comments

  • subnet.ninja Member Posts: 6 ■□□□□□□□□□
    Check that your version name includes k9
  • rob42 Member Posts: 423
    It could be your IOS Version.

    Two commands for you...

    show version

    show ip ssh

    Post back to here the output.
    No longer an active member
  • rob42 Member Posts: 423
    I just found this
    Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.

    on this link: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/product_data_sheet0900aecd80371991.html
    No longer an active member
  • sub-zero Member Posts: 23 ■□□□□□□□□□
    rob42 wrote: »


    Hi Rob,

    Lab#show ip ssh
    ^
    % Invalid input detected at '^' marker.

    Lab#
    Lab#show ver
    Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2007 by Cisco Systems, Inc.
    Compiled Thu 19-Jul-07 19:15 by nachen
    Image text-base: 0x00003000, data-base: 0x01080000

    ROM: Bootstrap program is C3750 boot loader
    BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

    Lab uptime is 39 minutes
    System returned to ROM by power-on
    System image file is "flash:c3750-ipbase-mz.122-35.SE5/c3750-ipbase-mz.122-35.SE5.bin"

    cisco WS-C3750-24TS (PowerPC405) processor (revision Q0) with 118784K/12280K bytes of memory.
    Processor board ID FDO1323Y0BU
    Last reset from power-on
    1 Virtual Ethernet interface
    24 FastEthernet interfaces
    2 Gigabit Ethernet interfaces
    The password-recovery mechanism is enabled.

    512K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address : 00:26:0A:0F:D6:80
    Motherboard assembly number : 73-9677-13
    Power supply part number : 341-0034-01
    Motherboard serial number : FDO13230GYM
    Power supply serial number : DTH131710WT
    Model revision number : Q0
    Motherboard revision number : A0
    Model number : WS-C3750-24TS-S
    System serial number : FDO1323Y0BU
    Top Assembly Part Number : 800-25857-05
    Top Assembly Revision Number : A0
    Version ID : V08
    CLEI Code Number : COMFN00BRA
    Hardware Board Revision Number : 0x01


    Switch Ports Model              SW Version            SW Image
    *    1 26    WS-C3750-24TS      12.2(35)SE5           C3750-IPBASE-M


    Configuration register is 0xF

    Lab#
  • rob42 Member Posts: 423
    I can see from your post that SSH is not supported on your switch, with that version of IOS. But you may be able to install a version of IOS that does support it.

    I'd recommend that you d/load this pdf [http://www.cisco.com/c/en/us/td/docs/ios/sec_user_services/configuration/guide/15_0s/sec_securing_user_services_15_0S_book.pdf] and read the SSH section; it starts at page 622, and will explain the subject way better than I could ever do.

    On one of my devices, I see this message as part of the 'show ver' output...
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    Export Compliance Product Report Application

    and this...

    SSH Disabled - version 1.99
    %Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
    Authentication timeout: 120 secs; Authentication retries: 3
    Minimum expected Diffie Hellman key size : 1024 bits
    IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

    ...at the show ip ssh command.

    That was so that you know what to look for, if you do install a different IOS. I can't help you with that process, as I've never done it.

    I have a C2950 switch...

    S2950_1#show ver
    Cisco Internetwork Operating System Software
    IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(6)EA2c, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2002 by cisco Systems, Inc.

    ... but I've no plans to change the IOS, as I'm trying to gain experience and have already uncovered some interesting little oddities in this particular IOS version. So, what I'm saying is, I'd be in no hurry to change the IOS, if I were you, as you may lose more than you gain.

    My other C2950 (which I think is now dead? I've a post about it, if you'd like to see what you think) had a slightly different V12 IOS and it was good to be able to see the differences.



    footnote: In fact, I'd recommend you read all of the PDF! It's really good! ;)
    No longer an active member
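
The two checks suggested in the replies above (look for k9 in the image name from show version, then read show ip ssh), as an added Python example that is not part of any poster's reply. The function names and status strings are assumptions made for illustration, and the k9 test is only the naming rule given in this thread.

```python
import re

BANNER_RE = re.compile(r"Software \(([\w-]+)\)")
IMAGE_RE = re.compile(r'^\s*System image file is "([^"]+)"', re.M)
SSH_STATE_RE = re.compile(r"^\s*SSH (Enabled|Disabled)", re.M)

# From the thread: the 3750's banner and boot image, and its 'show ip ssh' reply.
THREAD_SHOW_VER = '''Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
System image file is "flash:c3750-ipbase-mz.122-35.SE5/c3750-ipbase-mz.122-35.SE5.bin"
'''
THREAD_SHOW_IP_SSH = "% Invalid input detected at '^' marker.\n"
# Constructed sample: the same output with a k9 feature set, for comparison.
K9_SHOW_VER = THREAD_SHOW_VER.replace("IPBASE", "IPBASEK9").replace("ipbase", "ipbasek9")
# From the thread: 'show ip ssh' on a crypto image before RSA keys exist.
NO_KEYS_SHOW_IP_SSH = '''SSH Disabled - version 1.99
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
'''

def _has_k9(name):
    # Skip the platform prefix ("c3750-") and look for the k9 marker after it.
    return "K9" in name.upper().split("-", 1)[-1]

def crypto_image(show_version):
    """True/False when banner and boot image agree on k9, None if unknown."""
    found = (BANNER_RE.search(show_version), IMAGE_RE.search(show_version))
    names = [m.group(1).rsplit("/", 1)[-1] for m in found if m]
    flags = {_has_k9(n) for n in names}
    # An empty capture or a banner/image mismatch is reported as unknown.
    return flags.pop() if len(flags) == 1 else None

def ssh_readiness(show_version, show_ip_ssh):
    """Classify a device from the two command outputs (labels are hypothetical)."""
    k9 = crypto_image(show_version)
    if k9 is False:
        return "no-crypto-image"      # SSH commands are absent; Telnet only
    state = SSH_STATE_RE.search(show_ip_ssh)
    if k9 is None or state is None:
        return "unknown"
    if state.group(1) == "Enabled":
        return "ssh-enabled"
    if "create RSA keys" in show_ip_ssh:
        return "needs-rsa-keys"       # crypto image present, no key pair yet
    return "ssh-disabled"

if __name__ == "__main__":
    print(ssh_readiness(THREAD_SHOW_VER, THREAD_SHOW_IP_SSH))
    print(ssh_readiness(K9_SHOW_VER, NO_KEYS_SHOW_IP_SSH))
```
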
  • sub-zero Member Posts: 23 ■□□□□□□□□□
    Thanks for the help Rob, I'll get reading.

    It's just all so overwhelming as I'm new to cisco and networking and trying to soak this all up by home study.

    Cheers
  • rob42 Member Posts: 423
    You're very welcome.

    Plus, you're not alone; a lot of people on here (me included) are doing exactly the same as you, and yes, it's hard work. But, keep your eyes on the prize and don't give up.

    What material are you using to study with?
    No longer an active member
  • clarson Member Posts: 903 ■■■■□□□□□□
    I'd try doing that "crypto" command without any of the letters being capitalized. Cisco commands are case sensitive.

    and try "show ip ?" and see what it lists.
  • ImYourOnlyDJ Member Posts: 180
    sub-zero wrote: »
    Thanks for the help Rob, I'll get reading.

    It's just all so overwhelming as I'm new to cisco and networking and trying to soak this all up by home study.

    Cheers

    Well the bad news is you have to continue to soak up information in this rapidly changing industry. The good news however is eventually you have an aha moment where things just start to make sense and you stop feeling so overwhelmed. Just don't give up :)