Problems accessing switch via telnet

sub-zero Member Posts: 23
Hi guys,

I've configured my switch with SSH, however when I try accessing it from a PC I get

"closed by foreign host" error.

I know how to resolve the issue by configuring in line vty #transport input all, however if I set the #transport input ssh, then the error comes back.

Anyone have any ideas?

Using Packet Tracer BTW

thanks

Comments

  • Ertaz Member Posts: 934
    Did you generate the keys?
  • sub-zero Member Posts: 23
    Ertaz wrote: »
    Did you generate the keys?
    Hi, pretty sure I did unless I've made an error somewhere

    SW1#show run
    Building configuration...


    Current configuration : 1931 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname SW1
    !
    enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
    !
    !
    !
    ip ssh version 2
    no ip domain-lookup
    ip domain-name google.com
    !
    username umar secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
    !
    !
    spanning-tree mode pvst
    !
    interface FastEthernet0/1
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    !
    interface FastEthernet0/2
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 4
    !
    interface FastEthernet0/3
    switchport access vlan 3
    switchport mode access
    switchport voice vlan 4
    !
    interface FastEthernet0/4
    switchport access vlan 3
    switchport mode access
    switchport voice vlan 4
    !
    interface FastEthernet0/5
    switchport trunk allowed vlan 1-4
    switchport mode trunk
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface Vlan1
    ip address 192.168.5.2 255.255.255.0
    !
    interface Vlan2
    mac-address 0001.423b.d203
    ip address 192.168.2.2 255.255.255.0
    !
    interface Vlan3
    mac-address 0001.423b.d202
    ip address 192.168.4.10 255.255.255.0
    !
    interface Vlan4
    mac-address 0001.423b.d201
    no ip address
    !
    !
    !
    !
    line con 0
    logging synchronous
    login local
    !
    line vty 0 4
    password cisco
    login local
    transport input ssh
    line vty 5 15
    password cisco
    login local
    transport input ssh
    !
    !
    !
    end
  • rob42 Member Posts: 423
    What does your show ip ssh look like?
    No longer an active member
  • sub-zero Member Posts: 23
    rob42 wrote: »
    What does your show ip ssh look like?
    Hi Rob,

    SW1#sho ip ssh
    SSH Enabled - version 2.0
    Authentication timeout: 120 secs; Authentication retries: 3
    SW1#

    I can't figure it out, is it me missing something or Packet Tracer playing up?

    cheers
  • rob42 Member Posts: 423
    Doesn't look right to me.

    What about your show ssh

    edit to add...
    I'd go through the SSH configuration process again if I were you. Are you sure of the command sequence?

    If you let me know which Switch you're using (I'm assuming CPT v7), I'll go through it also if you like and we can compare the results?

    No longer an active member
  • sub-zero Member Posts: 23
    rob42 wrote: »
    Doesn't look right to me.

    What about your show ssh

    edit to add...
    I'd go through the SSH configuration process again if I were you. Are you sure of the command sequence?

    If you let me know which Switch you're using (I'm assuming CPT v7), I'll go through it also if you like and we can compare the results?

    Rob, not sure what I am doing wrong, however I've just run the config for setting up SSH again

    TESTLAB#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    TESTLAB(config)#ip dom
    TESTLAB(config)#ip domain
    TESTLAB(config)#ip domain-n
    TESTLAB(config)#ip domain-name example.com
    TESTLAB(config)#cry
    TESTLAB(config)#crypto key
    TESTLAB(config)#crypto key ge
    TESTLAB(config)#crypto key generate rs
    TESTLAB(config)#crypto key generate rsa

    % You already have RSA keys defined named SW1.google.com .

    % Do you really want to replace them? [yes/no]: y
    The name for the keys will be: TESTLAB.example.com
    Choose the size of the key modulus in the range of 360 to 2048 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.


    How many bits in the modulus [512]: 1024
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]



    TESTLAB# show ssh
    %No SSHv2 server connections running.
    %No SSHv1 server connections running.
    TESTLAB#



    Still unable to gain access.

    I am using Packet Tracer, 2960 switch.

    thanks
  • rob42 Member Posts: 423
    It seems to be okay my end...

    Topology

    PC [ip 192.168.1.20] fa0 connected to SW1 fa/01

    Switch>en
    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#hostname SW1
    SW1(config)#int vlan 1
    SW1(config-if)#ip address 192.168.1.10 255.255.255.0
    SW1(config-if)#no shutdown

    SW1#
    SW1#ping 192.168.1.20

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.20, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms

    SW1#
    SW1#show ssh
    %No SSHv2 server connections running.
    %No SSHv1 server connections running.
    SW1#show ip ssh
    SSH Disabled - version 1.99
    %Please create RSA keys (of atleast 768 bits size) to enable SSH v2.
    Authentication timeout: 120 secs; Authentication retries: 3
    SW1#


    C:\>ssh -l admin 192.168.1.10
    Open

    [Connection to 192.168.1.10 closed by foreign host]
    C:\>


    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#line vty 0 15
    SW1(config-line)#login local
    SW1(config-line)#exit
    SW1(config)#username admin password cisco
    SW1(config)#ip domain-name techexams.net
    SW1(config)#crypto key generate rsa
    The name for the keys will be: SW1.techexams.net
    Choose the size of the key modulus in the range of 360 to 2048 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.

    How many bits in the modulus [512]: 1024
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

    SW1(config)#ip ssh version 2
    SW1(config)#line vty 0 15
    SW1(config-line)#transport input ssh
    SW1(config-line)#^z
    SW1#


    C:\>ssh -l admin 192.168.1.10
    Open
    Password:



    SW1>

    If you compare your command sequence with mine, you'll see that you've missed a couple of things, namely, 'login local' and 'username'.

    Try it again, bud'
    No longer an active member
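
The prerequisites compared in the posts above (hostname, domain name, local user, `login local`, `transport input ssh`, and the key status reported by `show ip ssh`) can be checked mechanically. The following is an added example, not code from any poster in this thread; `audit_ssh`, `REQUIRED` and the sample text are hypothetical names and constructed data.

```python
import re

# Global commands that must be present before an IOS device can serve SSH only.
REQUIRED = {
    "hostname unset or default": r"hostname (?!Switch$|Router$)\S+",
    "ip domain-name missing": r"ip domain-name \S+",
    "no local username": r"username \S+ (secret|password) ",
    "ip ssh version 2 not set": r"ip ssh version 2$",
}

def audit_ssh(running_config, show_ip_ssh):
    """Return findings; an empty list means the SSH-only prerequisites are met."""
    lines = [l.strip() for l in running_config.splitlines()]
    findings = [msg for msg, pat in REQUIRED.items()
                if not any(re.match(pat, l) for l in lines)]
    # Group the commands that sit under each 'line vty' block.
    vty, block = {}, None
    for l in lines:
        if l.startswith("line "):
            block = l if l.startswith("line vty") else None
        elif l in ("!", "end"):
            block = None
        if block:
            vty.setdefault(block, []).append(l)
    for name, cmds in vty.items():
        if "login local" not in cmds:
            findings.append(f"{name}: login local missing")
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: not restricted to SSH")
    # RSA keys never appear in 'show run'; 'show ip ssh' reports the server state.
    if "SSH Enabled" not in show_ip_ssh:
        findings.append("SSH server not enabled; check the RSA key pair")
    return findings

# Constructed sample, cut down from the running config posted in the thread.
SAMPLE_RUN = """hostname SW1
ip ssh version 2
ip domain-name google.com
username umar secret 5 <hash>
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input all
!
end"""
SAMPLE_SSH = "SSH Disabled - version 1.99"
```

Calling `audit_ssh(SAMPLE_RUN, SAMPLE_SSH)` flags the vty block that still accepts Telnet and the disabled SSH server; a clean result needs both the running config and the `show ip ssh` output to pass.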
  • sub-zero Member Posts: 23
    rob42 wrote: »
    It seems to be okay my end...

    Topology

    PC [ip 192.168.1.20] fa0 connected to SW1 fa/01

    Switch>en
    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#hostname SW1
    SW1(config)#int vlan 1
    SW1(config-if)#ip address 192.168.1.10 255.255.255.0
    SW1(config-if)#no shutdown

    SW1#
    SW1#ping 192.168.1.20

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.20, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms

    SW1#
    SW1#show ssh
    %No SSHv2 server connections running.
    %No SSHv1 server connections running.
    SW1#show ip ssh
    SSH Disabled - version 1.99
    %Please create RSA keys (of atleast 768 bits size) to enable SSH v2.
    Authentication timeout: 120 secs; Authentication retries: 3
    SW1#


    C:\>ssh -l admin 192.168.1.10
    Open

    [Connection to 192.168.1.10 closed by foreign host]
    C:\>


    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#line vty 0 15
    SW1(config-line)#login local
    SW1(config-line)#exit
    SW1(config)#username admin password cisco
    SW1(config)#ip domain-name techexams.net
    SW1(config)#crypto key generate rsa
    The name for the keys will be: SW1.techexams.net
    Choose the size of the key modulus in the range of 360 to 2048 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.

    How many bits in the modulus [512]: 1024
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

    SW1(config)#ip ssh version 2
    SW1(config)#line vty 0 15
    SW1(config-line)#transport input ssh
    SW1(config-line)#^z
    SW1#


    C:\>ssh -l admin 192.168.1.10
    Open
    Password:



    SW1>

    If you compare your command sequence with mine, you'll see that you've missed a couple of things, namely, 'login local' and 'username'.

    Try it again, bud'


    Hi Rob,

    As you can see from post #3, I already configured the username and login local.

    However I've just typed in the commands again,

    TESTLAB#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    TESTLAB(config)#user
    TESTLAB(config)#username admin
    TESTLAB(config)#username admin sc
    TESTLAB(config)#username admin se
    TESTLAB(config)#username admin secret cisco
    TESTLAB(config)#host
    TESTLAB(config)#hostname TestLAB
    TestLAB(config)#Ip domaian-n
    TestLAB(config)#Ip domain-n
    TestLAB(config)#Ip domain-name techexams.net
    TestLAB(config)#cry
    TestLAB(config)#crypto key
    TestLAB(config)#crypto key ge
    TestLAB(config)#crypto key generate rsa
    % You already have RSA keys defined named TESTLAB.example.com .
    % Do you really want to replace them? [yes/no]: y
    The name for the keys will be: TestLAB.techexams.net
    Choose the size of the key modulus in the range of 360 to 2048 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.


    How many bits in the modulus [512]: 1024
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]


    TestLAB(config)#^Z
    *Mar 1 0:2:40.82: %SSH-5-ENABLED: SSH 2 has been enabled
    TestLAB#
    %SYS-5-CONFIG_I: Configured from console by console



    I am still unable to access via SSH.

    If I change the command to # transport input all in vty line config, I can telnet into the switch, but not SSH.

    Thanks for helping BTW :)
  • rob42 Member Posts: 423
    ... I am still unable to access via SSH.

    If I change the command to # transport input all in vty line config, I can telnet into the switch, but not SSH.

    Thanks for helping BTW :)

    No probs and you're very welcome.

    I can't understand why it's not working for you. The fact that you can use TELNET demonstrates that you've got a valid IP connection (as no doubt you understand), so it has to be an issue with the SSH configuration. If you want to make your CPT file available, I'll gladly have a look at it.

    Cheers for now.
    No longer an active member
  • sub-zero Member Posts: 23
    rob42 wrote: »
    No probs and you're very welcome.

    I can't understand why it's not working for you. The fact that you can use TELNET demonstrates that you've got a valid IP connection (as no doubt you understand), so it has to be an issue with the SSH configuration. If you want to make your CPT file available, I'll gladly have a look at it.

    Cheers for now.

    Thanks Rob, still confused myself.

    As soon as I add the #transport input all command in line vty, it allows me to telnet into the switch.
  • OfWolfAndMan Member Posts: 923
    Probably a bug. Zeroize key and reinitialize. If that doesn't work, just go with telnet

    #crypto key zeroize rsa

    #crypto key gener rsa general-keys mod 1024

    also, what SSH client are you using?
    :study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
  • rob42 Member Posts: 423
    sub-zero wrote: »
    Thanks Rob, still confused myself.

    As soon as I add the #transport input all command in line vty, it allows me to telnet into the switch.

    No probs.

    b.t.w, you are using the command...


    C:\>ssh -l umar 192.168.5.2


    ...right?


    edit...

    No, forget that; it's an invalid command if it's not typed correctly...
    No longer an active member
  • ImYourOnlyDJ Member Posts: 180
    Odd, the config looks good to me. I'd take a closer look at the SSH client (maybe it's doing something weird). Have you tried using PuTTY? You could also run Wireshark to see what exactly is going on.