02-25-2007 07:46 PM - edited 03-05-2019 02:34 PM
Hi,
Appreciate some advice on the following:
I have the following devices which require to be configured with ssh and tacacs-server key with encrypted text. I don't think the existing IOS supports the request. Please help to advise if the only way to fulfil the above is to upgrade the IOS (if yes, which IOS?) or are there any commands which can do that.
No SSH
======
1) WS-C6509, Version 12.2(18)SXD6
2) WS-C4507R, Version 12.2(25)EWA1
3) WS-C3550-48-SMI, Version 12.1(9)EA1c
4) Cisco 2621, Version 12.2(7c)
5) WS-C3560-24PS, Version 12.2(25)SEB4
No SSH & Tacacs-server key in cleartext
=======================================
1) WS-C2924C-XL - Version 12.0(5)WC16
2) WS-C2924-XL - Version 12.0(5)XU
Thanks
02-25-2007 08:51 PM
In some routers/switches even with the service password-encryption commands the Tacacs & SSH keys are not shown encrypted.
The new IOS versions do show them in an encrypted format and hence I think that you need to upgrade your IOS.
HTH, rate if it does
Narayan
02-26-2007 01:09 AM
Do post the full image name. Or post the show versions from these switches/routers. This is just to see if you need an upgradation to run ssh.
Cheers
Hoogen
02-26-2007 06:36 AM
Christina
For the devices that you indicate do not have SSH it is more likely an issue of different feature set than it is an issue of different version. For SSH you need a feature set that supports encryption and some feature sets do support it and some do not.
For devices that you indicate do not encrypt the TACACS server key, first be sure that you have configured service password-encryption. If the key is still clear text then you need a more recent version of code. In earlier versions of code the service password-encryption encrypted only the line passwords and things like that but not the TACACS server key. In more recent versions of code it encrypts more things including the TACACS server key.
HTH
Rick
02-27-2007 07:27 AM
Hi Hoogen,
Wonder what is the IOS version to upgrade to and whether it is free?
No SSH
======
1) WS-C6509, Version 12.2(18)SXD6 - c6k222-jsv-mz.122-18.SXD6.bin
2) WS-C4507R, Version 12.2(25)EWA1 - cat4000-i9s-mz.122-25.EWA1.bin
3) WS-C3550-48-SMI, Version 12.1(9)EA1c - c3550-i9q3l2-mz.121-9.EA1c.bin
4) Cisco 2621, Version 12.2(7c) - c2600-js-mz.122-7c.bin
5) WS-C3560-24PS, Version 12.2(25)SEB4 - c3560-ipbase-mz.122-25.SEB4.bin
No SSH & Tacacs-server key in cleartext
=======================================
1) WS-C2924C-XL - Version 12.0(5)WC16 - c2900xl-c3h2s-mz.120-5.WC16.bin
2) WS-C2924-XL - Version 12.0(5)XU - c2900XL-c3h2s-mz-120.5-XU.bin
Thanks.
02-27-2007 07:42 AM
Friend,
You need a cryptographic image to run SSH.
If you have a valid Cisco contract, then you can download the same from the Cisco website.
Narayan
02-27-2007 07:44 AM
I would require the show version and show module for these switches so that I can exactly guide you. Only thing you need is a CCO login to download these k9 images. I checked today with my sales people and they told me this upgrade doesn't get charged.
Cheers
Hoogen
02-27-2007 07:45 AM
Christina
If it is a version upgrade to get the encrypted TACACS server key and if you have service contracts on the equipment then I believe the upgrade is free. I found a nice article in TAC case collection which describes for Catalyst the versions of IOS where it is fixed:
http://www.ciscotaccc.com/kaidara-advisor/lanswitching/showcase?case=K38156732
This link requires CCO login. For those who may not have the proper login, here are the versions:
12.3(1.5), 12.3(1.5)T, 12.2(17.4), 12.2(17.4)S, 12.3(2.3)B, 12.3(7)XI, 12.0(31.1)S, 12.1(22)EA07
For solving the SSH issue, if it is a change in feature set, then I believe that there may be a charge for changing feature set.
HTH
Rick
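The two checks discussed in this thread, as an added example that is not part of any post above: it tests whether an image name carries a k9 feature set, and whether a saved configuration still holds a cleartext TACACS key after `service password-encryption` is set. The sample configuration, the k9 image name and the function names are constructed; treating the second hyphen-separated field of the image name as the feature set is an assumption.

```python
import re

# Constructed sample configuration (not from the thread's devices).
SAMPLE_CONFIG = """\
service password-encryption
!
tacacs-server host 192.0.2.10
tacacs-server key MySharedSecret
line vty 0 4
 password 7 0822455D0A16
"""

# Matches the global key and the per-host "tacacs-server host <ip> ... key <value>" form.
KEY_RE = re.compile(r"\s*tacacs-server\s+(?:host\s+\S+\s+.*?)?key\s+(.+)$")

def image_supports_ssh(image_name):
    """True when the feature-set field (assumed: 2nd hyphen field) contains k9."""
    parts = image_name.lower().split("-")
    return len(parts) >= 2 and "k9" in parts[1]

def audit_tacacs_keys(config):
    """Return (password_encryption_enabled, [(config_line, status), ...])."""
    enabled = re.search(r"^service password-encryption\s*$", config, re.M) is not None
    findings = []
    for line in config.splitlines():
        m = KEY_RE.match(line)
        if not m:
            continue
        value = m.group(1).strip()
        # "key 7 <hex>" is the stored form once the key is covered by
        # service password-encryption (type 7 is reversible obfuscation).
        encrypted = re.fullmatch(r"7\s+[0-9A-Fa-f]+", value) is not None
        findings.append((line.strip(), "encrypted" if encrypted else "cleartext"))
    return enabled, findings

def advise(config):
    """Apply the thread's logic: enable the service first, upgrade if the key stays clear."""
    enabled, findings = audit_tacacs_keys(config)
    if not any(status == "cleartext" for _, status in findings):
        return "ok"
    return "upgrade-ios" if enabled else "enable-service-password-encryption"

if __name__ == "__main__":
    print(advise(SAMPLE_CONFIG))
    # Image name from the thread, then a constructed k9 variant of it.
    print(image_supports_ssh("c3560-ipbase-mz.122-25.SEB4.bin"))
    print(image_supports_ssh("c3560-ipbasek9-mz.122-25.SEB4.bin"))
```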