Can't login via ssh, Cisco Catalyst 3560.


Hi all.

I'm trying to log in to my switch via ssh from a unix term (OS X) but I fail. Tried this:

ssh [email protected]

ssh -c des -l admin

None works. Turned on debugging and found:

000247: 3d23h: SSH1: sent protocol version id SSH-1.99-Cisco-1.25

000248: 3d23h: SSH1: protocol version id is - SSH-2.0-OpenSSH_4.5

000249: Jun 27 22:01:19: %SSH-5-SSH2_SESSION: SSH2 Session request from (tty = 1) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Succeeded

000250: Jun 27 22:01:26: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from (tty = 1) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Failed

000251: Jun 27 22:01:26: %SSH-5-SSH2_CLOSE: SSH2 Session from (tty = 1) for user '' using crypto cipher 'aes128-cbc', hmac 'hmac-md5' closed

000252: 3d23h: SSH1: Session disconnected - error 0x00

It seems that the switch didn't catch my username but I can't figure out why. All help appreciated.



Joe Clarke Wed, 06/27/2007 - 15:47

"ssh -l cse" works for me from OS X 10.4.10. What does your switch config look like? What version of IOS are you running?

Hi, thx for replying.

I have the latest crypto for 3560, 12.2.25:

Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Thu 22-Feb-07 15:39 by myl

Image text-base: 0x00003000, data-base: 0x00FF46A8

ROM: Bootstrap program is C3560 boot loader

BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWARE (fc1)

switch_vaning-5 uptime is 4 days, 7 hours, 31 minutes

System returned to ROM by power-on

System restarted at 00:41:15 CET Sun Jun 24 2007

System image file is "flash:c3560-ipbasek9-mz.122-25.SEE3/c3560-ipbasek9-mz.122-25.SEE3.bin"

Here's my cfg except for the ports:

version 12.2

no service pad

service timestamps debug uptime

service timestamps log datetime

no service password-encryption

service sequence-numbers


hostname switch_vaning-5


logging count

no logging monitor

enable secret xxx

enable password xxxxx


username xxx privilege 15 secret xxx

username giobbi privilege 15 password 0 xxxxx

no aaa new-model

clock timezone CET 1

clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00

vtp mode transparent

ip subnet-zero

no ip domain-lookup

ip domain-name

ip name-server


ip ftp username xxx

ip ftp password xxxxx

ip ssh logging events

interface Vlan1

ip address

no ip route-cache


ip default-gateway

ip classless

ip http server

ip http secure-server


logging facility local2


snmp-server community orvis RO





line con 0

line vty 0 4

password xxxx

no login

length 0

line vty 5 15

password xxxxx

no login



monitor session 1 source interface Gi0/21

monitor session 1 destination interface Gi0/18

ntp clock-period 36029386

ntp server 17.x.0.28 key 0 prefer


Running same OS X as you.



Joe Clarke Wed, 06/27/2007 - 22:26

You're missing a few bits to the config. First, you need an admin username. Next, you need to enable aaa new-model, and add something like:

aaa authentication login default local

Finally, you need to generate your crypto key on the switch:

crypto key generate rsa
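
An added example, not part of the thread or any poster's code: a small Python check that scans a running-config for the items named in the reply above (a local username for the login name, aaa new-model, a login method list). The function name, the constructed sample (lines copied from the config posted earlier in the thread) and the extra report of `no login` on vty lines are assumptions of this example.

```python
import re

# Constructed sample: the relevant lines of the config posted in the thread
# (secrets were already masked as xxx by the poster).
SAMPLE_CONFIG = """\
username xxx privilege 15 secret xxx
username giobbi privilege 15 password 0 xxxxx
no aaa new-model
line con 0
line vty 0 4
 password xxxx
 no login
 length 0
line vty 5 15
 password xxxxx
 no login
"""

def audit_ssh_login(config, login_name):
    """Return findings that block or weaken SSH login as login_name."""
    findings = []
    # Strip indentation so the check also works on flattened pastes.
    stripped = [l.strip() for l in config.splitlines() if l.strip()]

    users = {m.group(1) for l in stripped if (m := re.match(r"username (\S+) ", l))}
    if login_name not in users:
        findings.append(f"no local 'username {login_name}' entry")

    # Exact match, so that 'no aaa new-model' does not count as enabled.
    if "aaa new-model" not in stripped:
        findings.append("aaa new-model is not enabled")
    if not any(l.startswith("aaa authentication login ") for l in stripped):
        findings.append("no 'aaa authentication login' method list")

    # Track which 'line vty' block we are in and report 'no login' inside it.
    current = None
    for l in stripped:
        if l.startswith("line "):
            current = l if l.startswith("line vty ") else None
        elif current and l == "no login":
            findings.append(f"{current}: 'no login' disables password checking")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_login(SAMPLE_CONFIG, "admin"):
        print("FINDING:", finding)
```

The RSA key from the last step does not appear in the running config, so it is not checked here; `show crypto key mypubkey rsa` on the switch lists it.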

