Configuring SSH

Hi Guys,

Started studying for my ICND1 and am I total newb to the Cisco world

I purchased a Cisco 3750 -24TS switch and am trying to configure SSH.

When I enter the command command #crypto key generate rsa I get the below error:

Lab(config)#ip domain-Name EXAMPLE.COM
Lab(config)#CRY?
% Unrecognized command
Lab(config)#CRY
Lab(config)#Crypto key generate rsa
^
% Invalid input detected at '^' marker.

Lab(config)#

What is the reason for this? Could it be the IOS? if so how do I check the current version or upgrade?

Thanks.

[h=1][/h]

Find more posts tagged with

Comments

subnet.ninja

Check that your version name include k9

rob42

It could be your IOS Version.

Two commands for you...

show version

show ip ssh

Post back to here the output.

rob42

I just found this

Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.

on this link [URL="http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/product_data_sheet0900aecd80371991.html]"]http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/product_data_sheet0900aecd80371991.html[/URL]

sub-zero

rob42 wrote: »

I just found this

on this link [URL="http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/product_data_sheet0900aecd80371991.html]"]http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/product_data_sheet0900aecd80371991.html[/URL]

Hi Rob,

Lab#show ip ssh
^
% Invalid input detected at '^' marker.

Lab#
Lab#show ver
Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01080000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

Lab uptime is 39 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipbase-mz.122-35.SE5/c3750-ipbase-mz.122-35.SE5.bin"

cisco WS-C3750-24TS (PowerPC405) processor (revision Q0) with 118784K/12280K bytes of memory.
Processor board ID FDO1323Y0BU
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:26:0A:0F:D6:80
Motherboard assembly number : 73-9677-13
Power supply part number : 341-0034-01
Motherboard serial number : FDO13230GYM
Power supply serial number : DTH131710WT
Model revision number : Q0
Motherboard revision number : A0
Model number : WS-C3750-24TS-S
System serial number : FDO1323Y0BU
Top Assembly Part Number : 800-25857-05
Top Assembly Revision Number : A0
Version ID : V08
CLEI Code Number : COMFN00BRA
Hardware Board Revision Number : 0x01

Switch Ports Model SW Version SW Image

* 1 26 WS-C3750-24TS 12.2(35)SE5 C3750-IPBASE-M

Configuration register is 0xF

Lab#

rob42

I can see from your post that SSH is not supported on your switch, with that version of IOS. But you may be able to install a version of IOS that does support it.

I'd recommend that you d/load this pdf [http://www.cisco.com/c/en/us/td/docs/ios/sec_user_services/configuration/guide/15_0s/sec_securing_user_services_15_0S_book.pdf] and read the SSH section; it starts at page 622, and will explain the subject way better that I could ever do.

On one of my devices, I see this message as part of the 'show ver' output...

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
Export Compliance Product Report Application

and this...

SSH Disabled - version 1.99
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

...at the show ip ssh command.

That was so that you know what to look for, if you do install a different IOS. I can't help you with that process, as I've never done it.

I have a C2950 switch...

S2950_1#show ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(6)EA2c, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.

... but I've no plans to change the IOS, as I'm trying to gain experience and have already uncovered some interesting little oddities in this particular IOS version. So, what I'm saying is, I'd be in no hurry to change the IOS, if I were you, as you may loose more than you gain.

My other C2950 (which I think is now dead? I've a post about it, if you'd like to see what you think) had a slightly different V12 IOS and it was good to be able see the differences.

footnote: I fact, I'd recommend you read all of the PDF! It's really good!

sub-zero

Thanks for the help Rob, I'll get reading.

It's just all so overwhelming as I'm new to cisco and networking and trying to soak this all up by home study.

Cheers

rob42

You're very welcome.

Plus, you're not alone; a lot of people on here (me included) are doing exactly the same as you, and yes, it's hard work. But, keep your eyes on the prize and don't give up.

What material are you using to study with?

clarson

i'd try doing that "crypto" command without any of letters being capitalized. cisco commands are case sensitive.

and try "show ip ?" and see what it lists.

ImYourOnlyDJ

sub-zero wrote: »

Thanks for the help Rob, I'll get reading.

It's just all so overwhelming as I'm new to cisco and networking and trying to soak this all up by home study.

Cheers

Well the bad news is you have to continue to soak up information in this rapidly changing industry. The good news however is eventually you have an aha moment where things just start to make sense and you stop feeling so overwhelmed. Just don't give up