SSH / Putty - Access denied
jbrad95706
Member Posts: 225
in CCNA & CCENT
(This has been taken care of, and I added the fix / mistake - it's about 7 posts down. 
)
login as: cisco
cisco@192.168.1.240's password:
Access denied
Building configuration...
Current configuration : 2371 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3550
!
enable secret 5 $1$rDSJ$knfM5H3EdSBhuf3OK8m2W.
!
username cisco password 0 cisco
ip subnet-zero
!
no ip domain-lookup
ip domain-name domain.local
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
interface FastEthernet0/1
switchport mode dynamic desirable
! *SNIP*
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 192.168.1.240 255.255.255.0
!
interface Vlan2
no ip address
!
ip classless
ip http server
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password ccna
login
transport input telnet ssh
line vty 5 15
login
!
!
end
Can anyone tell me what I'm missing?
:
Telnet works, but SSH doesn't.
)login as: cisco
cisco@192.168.1.240's password:
Access denied
Building configuration...
Current configuration : 2371 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3550
!
enable secret 5 $1$rDSJ$knfM5H3EdSBhuf3OK8m2W.
!
username cisco password 0 cisco
ip subnet-zero
!
no ip domain-lookup
ip domain-name domain.local
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
interface FastEthernet0/1
switchport mode dynamic desirable
! *SNIP*
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 192.168.1.240 255.255.255.0
!
interface Vlan2
no ip address
!
ip classless
ip http server
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password ccna
login
transport input telnet ssh
line vty 5 15
login
!
!
end
Can anyone tell me what I'm missing?
:Telnet works, but SSH doesn't.
Comments
-
thenjduke
Member Posts: 894 ■■■■□□□□□□
crypto...CCNA, MCP, MCSA, MCSE, MCDST, MCITP Enterprise Administrator, Working towards Networking BS. CCNP is Next. -
jbrad95706
Member Posts: 225
crypto...
This is my first time trying to set SSH up on a Cisco device, so I'm 100% sure I follow.
I did use "crypto key gen rsa" to make the key...: Or, are you saying that my image (c3550-i5k2l2q3-mz.121-22.EA10.bin) may not support SSH?
Thanks again! -
kryolla
Member Posts: 785
Set Up an IOS Router or Switch as SSH Client
There are four steps required to enable SSH support on an IOS router:
Configure the hostname command.
Configure the DNS domain.
Generate the SSH key to be used.
Enable SSH transport support for the virtual type terminal (vtys).
Configuring Secure Shell on Routers and Switches Running Cisco IOS - Cisco SystemsStudying for CCIE and drinking Home Brew -
jbrad95706
Member Posts: 225
Set Up an IOS Router or Switch as SSH Client
There are four steps required to enable SSH support on an IOS router:
Configure the hostname command.
Configure the DNS domain.
Generate the SSH key to be used.
Enable SSH transport support for the virtual type terminal (vtys).
Configuring Secure Shell on Routers and Switches Running Cisco IOS - Cisco Systems
Thanks!
But... I'm pretty sure I took all 4 of those steps.
From my config:
*snip*
hostname 3550
*snip*
ip domain-name domain.local
*snip*
line vty 0 4
login
transport input ssh
line vty 5 15
login
*snip*
I'm wondering it maybe it's putty...
Does anyone else use Putty? -
captobvious
Member Posts: 648
Check again, step 3. Where is your key?Set Up an IOS Router or Switch as SSH Client
There are four steps required to enable SSH support on an IOS router:
Configure the hostname command.
Configure the DNS domain.
Generate the SSH key to be used.
Enable SSH transport support for the virtual type terminal (vtys).
Configuring Secure Shell on Routers and Switches Running Cisco IOS - Cisco Systems
Edit:cry key generate rsaAt this point, the show cry key mypubkey rsa command must show the generated key. After you add the SSH configuration, test your ability to access the router from the PC and UNIX station. If this does not work, see the debug section of this document.
ip ssh time-out 60
ip ssh authentication-retries 2 -
jbrad95706
Member Posts: 225
Just wanted to update this -
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5K2L2Q3-M), Version 12.1(22)EA10, RELEASE SOFTWARE (fc2)
I had to use the command: aaa new-model
"The aaa new-model command causes the local username and password on the router to be used in the absence of other AAA statements."
I just wanted to let anyone that may peek in on this know that it's fixed.
Thanks everyone! -
JBrown
Member Posts: 308
According to this Cisco Hands On Training Podcast specially http://www.ciscohandsontraining.com/video/IOS-Version-Selection.mov ( Attention: this is a large video file) your image does not support ssh.jbrad95706 wrote: »This is my first time trying to set SSH up on a Cisco device, so I'm 100% sure I follow.
I did use "crypto key gen rsa" to make the key...: Or, are you saying that my image (c3550-i5k2l2q3-mz.121-22.EA10.bin) may not support SSH?
Thanks again! -
jbrad95706
Member Posts: 225
According to this Cisco Hands On Training Podcast specially http://www.ciscohandsontraining.com/video/IOS-Version-Selection.mov ( Attention: this is a large video file) your image does not support ssh.
...but... it's working.:
