remote connection using SSH

aueddonlineaueddonline Member Posts: 611
in CCNP
ok so I want to set up an SSH connection to a cisco router via a laptop i've configured the router
with

config t
username (name) password md5 (password)
ip domain name monkey
line vty 0 2
exec-timeout 100 0
password 7 03095E190A0035141A
login
transport input telnet
line vty 3 4
exec-timeout 100 0
password 7 03095E190A0035141A
login
transport input ssh

When I try to connet from the laptop using putty it takes me to 'login as' and then 'password' and I use the username and password I have configured but it's saying 'Access denied:'
What's another word for Thesaurus?
· Share on FacebookShare on Twitter

Comments

  • kryollakryolla Member Posts: 785
    try login local
    Studying for CCIE and drinking Home Brew
    · Share on FacebookShare on Twitter
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    try "username bob secret cisco" the way you've entered it it would think the password is "md5 password". Also to enable SSH you need to create your RSA key pairs.
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • EdTheLadEdTheLad Member Posts: 2,111 ■■■■□□□□□□
    You have ssh configured on vty lines 3 and 4, are you sure when you ssh you are using lines 3 and 4? rather than lines 0,1 and 2.
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
    · Share on FacebookShare on Twitter
  • aueddonlineaueddonline Member Posts: 611
    dtlokee wrote:
    try "username bob secret cisco" the way you've entered it it would think the password is "md5 password". Also to enable SSH you need to create your RSA key pairs.

    yeah i did actually do this using the crypto key generate rsa' command

    should of mentioned that
    What's another word for Thesaurus?
    · Share on FacebookShare on Twitter
  • aueddonlineaueddonline Member Posts: 611
    jst tried

    username bob secret cisco

    same thing happened when login in
    What's another word for Thesaurus?
    · Share on FacebookShare on Twitter
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    As suggested earlier try adding "login authentication local" to your Line VTY details. Also depending on the router/image you may have to configure an access-list/apply it as a class to the line before it allows access. I configured my first ISR yesterday, a 2821 running 12.4(13r)T Security Image and neither the SDM or SSH would work until I explicitly defined allowed hosts via an ACL and applied it as a class to the HTTP and Line services. Before this I've only worked on older standard image (~12.2) 3640's and 2620's and they did not need this. Here's an example from that config:

    username xxxxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxx
    aaa new-model
    line vty 0 4
    access-class lineaccess in
    privilege level 15
    password 7 xxxxxxxxxxxxxxxxxx
    login authentication local
    transport input ssh
    line vty 5 15
    access-class lineaccess in
    privilege level 15
    password 7 xxxxxxxxxxxxxxxxxx
    login authentication local
    transport input ssh

    The ACL "lineaccess" is just a simple standard permit access list.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
  • aueddonlineaueddonline Member Posts: 611
    thanks for posting Ahriakin, I configured 'login local' it was on my IOS and it's working now using the username secret creds suggested earlier, thanks a lot guys

    line con 0
    password 7 11041C171B1D1F5450
    login
    line aux 0
    line vty 0 2
    exec-timeout 100 0
    password 7 03095E190A0035141A
    login
    transport input telnet
    line vty 3 4
    exec-timeout 100 0
    password 7 03095E190A0035141A
    login local
    transport input ssh
    What's another word for Thesaurus?
    · Share on FacebookShare on Twitter
  • joshgibson82joshgibson82 Member Posts: 80 ■■□□□□□□□□
    Ahriakin wrote:
    As suggested earlier try adding "login authentication local" to your Line VTY details. Also depending on the router/image you may have to configure an access-list/apply it as a class to the line before it allows access. I configured my first ISR yesterday, a 2821 running 12.4(13r)T Security Image and neither the SDM or SSH would work until I explicitly defined allowed hosts via an ACL and applied it as a class to the HTTP and Line services. Before this I've only worked on older standard image (~12.2) 3640's and 2620's and they did not need this. Here's an example from that config:

    username xxxxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxx
    aaa new-model
    line vty 0 4
    access-class lineaccess in
    privilege level 15
    password 7 xxxxxxxxxxxxxxxxxx
    login authentication local
    transport input ssh
    line vty 5 15
    access-class lineaccess in
    privilege level 15
    password 7 xxxxxxxxxxxxxxxxxx
    login authentication local
    transport input ssh

    The ACL "lineaccess" is just a simple standard permit access list.

    You should not have to create an access list in 12.4 on a 2821 router. I've configured dozens of these for ssh access and https, and did not have to do that.
    Josh, CCNP CWNA
    · Share on FacebookShare on Twitter
  • kryollakryolla Member Posts: 785
    Glad it is working now. The local command is to use the local database you created by username password command.
    Studying for CCIE and drinking Home Brew
    · Share on FacebookShare on Twitter
Sign In or Register to comment.