Connection error (SSH) : Please help!

veritas_libertas Member Posts: 5,746
This one really has me scratching my head.

I came back from church tonight and tried to connect to my 2950 through SSH, my typical way of connecting, and received this nice notice from PuTTY:

[attachment: image]

I can connect through the serial connection but not SSH. I have been trying new commands out, but I don't remember modifying anything permanently. Anyone have any ideas on what this is? I could just reset everything, but I know I wouldn't learn anything.

Comments

  • Met44 Member Posts: 194
    Do the vty lines have "transport input ssh" configured?
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Met44 wrote: »
    Do the vty lines have "transport input ssh" configured?

    +1 I am willing to bet that is the issue.
  • veritas_libertas Member Posts: 5,746
    Do the vty lines have "transport input ssh" configured?

    I apologize for being ignorant (which I most certainly am), would this be under startup-config?
  • Met44 Member Posts: 194
    It should be in running config, since running config is the configuration currently in use by the box. Save it to startup config if you want the configuration to persist after a reboot.
  • veritas_libertas Member Posts: 5,746
    Met44 wrote: »
    Do the vty lines have "transport input ssh" configured?

    What should this look like? I am looking through my running-config and this is what I have:

    cisco2950#sho running-config
    Building configuration...

    Current configuration : 1325 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname cisco2950
    !
    enable secret 5 $1$r/DF$AUX6/JZAP4jaALeD4vGAG/
    enable password
    !
    ip subnet-zero
    !
    ip ssh time-out 120
    ip ssh authentication-retries 3
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    !
    !
    !
    interface FastEthernet0/1
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface FastEthernet0/25
    !
    interface FastEthernet0/26
    !
    interface Vlan1
    ip address 192.168.0.41 255.255.255.0
    no ip route-cache
    !
    ip http server
    !
    line con 0
    line vty 0 4
    password
    login
    line vty 5 15
    password
    login
    !
    !
    end
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    What should this look like? I am looking through my running-config and this is what I have:

    It isn't there. You should see transport input ssh or transport input telnet ssh in your line config (by line vty 0 4). Do you have anything against telnetting into the device for now?
  • veritas_libertas Member Posts: 5,746
    knwminus wrote: »
    It isn't there. You should see transport input ssh or transport input telnet ssh in your line config (by line vty 0 4). Do you have anything against telnetting into the device for now?

    Well, there is the fact that I don't know how I managed to disable it (at least that is how I am interpreting what you have said).

    So all I should have to do is re-enable SSH right?
  • Met44 Member Posts: 194
    line vty 0 4
    password
    login
    line vty 5 15
    password
    login

    This bit should have the statement "transport input ssh".

    So from global config mode, you need to enter "line vty 0 15", then "transport input ssh".

    You should also check out this document: Configuring Secure Shell on Routers and Switches Running Cisco IOS - Cisco Systems
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Well, there is the fact that I don't know how I managed to disable it (at least that is how I am interpreting what you have said).

    So all I should have to do is re-enable SSH right?

    No, it isn't enabled by default so it isn't you that did anything.

    Edit: Met beat me to it.
  • veritas_libertas Member Posts: 5,746
    Met44 wrote: »
    This bit should have the statement "transport input ssh".

    So from global config mode, you need to enter "line vty 0 15", then "transport input ssh".

    You should also check out this document: Configuring Secure Shell on Routers and Switches Running Cisco IOS - Cisco Systems

    Thanks, I figured all I had to do was re-enable it. Any idea what I might have done to mess it up?
  • Met44 Member Posts: 194
    Perhaps you forgot to save your configuration before the last time you rebooted (a la "wr mem" or "copy run start")?
  • veritas_libertas Member Posts: 5,746
    Met44 wrote: »
    Perhaps you forgot to save your configuration before the last time you rebooted (a la "wr mem" or "copy run start")?

    I doubt it was that. I turn my switch off at the end of the day. Weird... Oh well, at least I know how to fix the problem.
  • Forsaken_GA Member Posts: 4,024
    I doubt it was that. I turn my switch off at the end of the day. Weird... Oh well, at least I know how to fix the problem.

    It probably was that then ;) If you turn it off every day, and you forgot to wr mem after enabling ssh, when it comes back up, it's not going to have ssh.

    Trust me man, forgetting to save the config is a sin many are guilty of.
  • ColbyG Member Posts: 1,264
    Another common cause is forgetting to generate an RSA key, FYI.
  • veritas_libertas Member Posts: 5,746
    Well, that is weird. I wrote it to memory the day I configured it (a week before Christmas) and haven't seen this problem till now.

    I guess it happens...
  • elphrank0 Member Posts: 67
    Well, that is weird. I wrote it to memory the day I configured it (a week before Christmas) and haven't seen this problem till now.

    I guess it happens...

    Also note that PuTTY's default is SSH; some get confused on that, especially if it is the first time they are using PuTTY. If you click on Telnet, then "Save as Default" at the bottom, it will make telnet the default. Not sure if that may or may not have been your prob but something to look at!
  • veritas_libertas Member Posts: 5,746
    Met44 wrote: »
    This bit should have the statement "transport input ssh".

    So from global config mode, you need to enter "line vty 0 15", then "transport input ssh".

    You should also check out this document: Configuring Secure Shell on Routers and Switches Running Cisco IOS - Cisco Systems

    Well, I apologize, you guys were right. I had it auto set to login with PuTTY on Telnet. It should have been a clue that it wasn't SSH since I didn't have to put in a user name. Now I am reallllllllllllllly embarrassed.

    I humbly beg your forgiveness, Cisco experts.
  • mgeorge Member Posts: 774
    First off I do not see an ip domain-name domain.we specified

    So therefore under that assumption you have no rsa certificate generated.

    transport input ssh is NOT required under vty lines as by default all transport protocols are allowed, placing transport input ssh will allow ONLY ssh.

    Also, since you do not have any local usernames set up, nor do you have login local specified under the vty lines, you'd not be able to authenticate to the device regardless when trying to establish an ssh session.

    I started writing this lab here but I did not finish it as I gotta write a few labs before it regarding local user accounts but it'll tell you how to generate your RSA certificate;

    Configuring Secure Shell Virtual Terminal Access (SSH) | Free CCNA Workbook

    After you have an RSA certificate generated you can create a local username in global configuration mode using the following command;
    username johndoe privilege 15 secret Omgosh!

    Once you have a local user name setup you then need to tell the vty lines to authenticate incoming sessions to authenticate using the local database which can be done by executing this command under vty line configuration mode;
    line vty 0 4
    login local
    There is no place like 127.0.0.1
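
The prerequisites listed in the post above (an ip domain-name, a local username, "login local" and "transport input ssh" on the vty lines) can be checked mechanically against a pasted running-config. The following Python audit is an added example, not part of any post in this thread and not Cisco tooling; `THREAD_CONFIG` is a constructed excerpt of the config posted earlier and the function names are hypothetical.

```python
# Constructed sample: SSH-relevant lines of the running-config posted in this
# thread. Indentation was lost in the post, so the parser does not rely on it.
THREAD_CONFIG = """hostname cisco2950
ip ssh time-out 120
line con 0
line vty 0 4
password
login
line vty 5 15
password
login
!
end
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to the sub-commands that follow it."""
    blocks, current = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("line ") or line in ("!", "end"):
            # A new line block, '!' or 'end' closes the previous block.
            current = line if line.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif current and line:
            blocks[current].append(line)
    return blocks

def audit_ssh(config):
    """Return findings for the SSH prerequisites discussed in this thread."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    # Accept either spelling of the command, depending on IOS release.
    if not any(l.startswith(("ip domain-name ", "ip domain name ")) for l in lines):
        findings.append("no ip domain-name: RSA key was probably never generated")
    if not any(l.startswith("username ") for l in lines):
        findings.append("no local username: 'login local' has no accounts to use")
    for header, cmds in vty_blocks(config).items():
        if "login local" not in cmds:
            findings.append(f"{header}: no 'login local'")
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transport:
            findings.append(f"{header}: no 'transport input', default allows all protocols")
        elif set(transport[-1]) != {"ssh"}:
            findings.append(f"{header}: transport input allows {' '.join(transport[-1])}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh(THREAD_CONFIG)))
```

The RSA key pair itself is not shown in running-config, so the script can only check the ip domain-name prerequisite; confirm the key on the switch itself.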
  • veritas_libertas Member Posts: 5,746
    mgeorge wrote: »
    First off I do not see an ip domain-name domain.we specified

    So therefore under that assumption you have no rsa certificate generated.

    transport input ssh is NOT required under vty lines as by default all transport protocols are allowed, placing transport input ssh will allow ONLY ssh.

    Also, since you do not have any local usernames set up, nor do you have login local specified under the vty lines, you'd not be able to authenticate to the device regardless when trying to establish an ssh session.

    I started writing this lab here but I did not finish it as I gotta write a few labs before it regarding local user accounts but it'll tell you how to generate your RSA certificate;

    Configuring Secure Shell Virtual Terminal Access (SSH) | Free CCNA Workbook

    Yeah, I ended up redoing the whole thing.

    Your workbook is really coming along well! :D