06-27-2007 02:19 PM
Hi all.
I'm trying to login to my switch via ssh from a unix term (OS X) but I fail. Tried this:
ssh admin@10.0.5.140
ssh -c des -l admin 10.0.5.140
None works. Turned on debugging and found:
000247: 3d23h: SSH1: sent protocol version id SSH-1.99-Cisco-1.25
000248: 3d23h: SSH1: protocol version id is - SSH-2.0-OpenSSH_4.5
000249: Jun 27 22:01:19: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.0.5.140 (tty = 1) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Succeeded
000250: Jun 27 22:01:26: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 10.0.5.140 (tty = 1) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Failed
000251: Jun 27 22:01:26: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.0.5.140 (tty = 1) for user '' using crypto cipher 'aes128-cbc', hmac 'hmac-md5' closed
000252: 3d23h: SSH1: Session disconnected - error 0x00
It seems that the switch didn't catch my username but I can't figure out why. All help appreciated.
Thx.
p
06-27-2007 03:47 PM
"ssh -l cse 10.32.15.1" works for me from OS X 10.4.10. What does your switch config look like? What version of IOS are you running?
06-27-2007 10:15 PM
Hi, thx for replying.
I have the latest crypto for 3560, 12.2.25:
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 22-Feb-07 15:39 by myl
Image text-base: 0x00003000, data-base: 0x00FF46A8
ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWARE (fc1)
switch_vaning-5 uptime is 4 days, 7 hours, 31 minutes
System returned to ROM by power-on
System restarted at 00:41:15 CET Sun Jun 24 2007
System image file is "flash:c3560-ipbasek9-mz.122-25.SEE3/c3560-ipbasek9-mz.122-25.SEE3.bin"
Here's my cfg except for the ports:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname switch_vaning-5
!
logging count
no logging monitor
enable secret xxx
enable password xxxxx
!
username xxx privilege 15 secret xxx
username giobbi privilege 15 password 0 xxxxx
no aaa new-model
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
vtp mode transparent
ip subnet-zero
no ip domain-lookup
ip domain-name fb.se
ip name-server 10.0.5.246
!
ip ftp username xxx
ip ftp password xxxxx
ip ssh logging events
interface Vlan1
ip address 10.0.5.218 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.5.1
ip classless
ip http server
ip http secure-server
!
logging facility local2
logging 10.0.8.184
snmp-server community orvis RO
!
control-plane
!
!
line con 0
line vty 0 4
password xxxx
no login
length 0
line vty 5 15
password xxxxx
no login
!
!
monitor session 1 source interface Gi0/21
monitor session 1 destination interface Gi0/18
ntp clock-period 36029386
ntp server 17.x.0.28 key 0 prefer
end
Running same OS X as you.
Thanks!!
p
06-27-2007 10:26 PM
You're missing a few bits to the config. First, you need an admin username. Next, you need to enable aaa new-model, and add something like:
aaa authentication login default local
Finally, you need to generate your crypto key on the switch:
crypto key generate rsa
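Added example, not part of the original thread and not Cisco tooling: a small Python check that reads a pasted running-config and reports which of the login prerequisites named in the reply above are missing. The two sample configs are constructed from the thread (secrets as placeholders); the function name, the `transport input ssh` check and the rule that `!` closes a line block are assumptions of this example.

```python
def audit_ssh_login(config, user):
    """Return findings for an IOS running-config; an empty list means every check passed."""
    top, vty, block = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!", "end"):
            block = None                  # "!" closes a line block (also works on flattened pastes)
        elif line.startswith("line "):
            # Collect vty sub-commands; console/aux sub-commands go to a throwaway list.
            block = vty.setdefault(line, []) if line.startswith("line vty ") else []
        elif block is not None:
            block.append(line)
        else:
            top.append(line)

    findings = []
    if "aaa new-model" not in top:        # exact match, so "no aaa new-model" does not count
        findings.append("aaa new-model is not enabled")
    if not any(l.startswith("aaa authentication login default ") and "local" in l.split()
               for l in top):
        findings.append("no 'aaa authentication login default local'")
    if not any(l.split()[:2] == ["username", user] for l in top):
        findings.append(f"no local username '{user}'")
    for name, cmds in vty.items():
        if "no login" in cmds:
            findings.append(f"{name}: 'no login' turns off the line's login check")
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: no explicit 'transport input ssh'")
    # The RSA key from "crypto key generate rsa" is not written to the
    # running-config, so it cannot be checked from this text.
    return findings

# Constructed sample: the relevant lines of the config posted in the thread.
BEFORE = """username giobbi privilege 15 password 0 xxxxx
no aaa new-model
!
line con 0
line vty 0 4
password xxxx
no login
length 0
line vty 5 15
password xxxxx
no login
!
end"""
# Constructed sample: the same config after the changes from the reply.
AFTER = ("username admin privilege 15 secret xxx\naaa new-model\n"
         "aaa authentication login default local\n!\nline vty 0 4\ntransport input ssh\n"
         "line vty 5 15\ntransport input ssh\n!\nend")

if __name__ == "__main__":
    print("\n".join(audit_ssh_login(BEFORE, "admin")) or "all checks passed")
```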
06-28-2007 11:51 PM
Great!
Works like a charm. Now I just have to make my newly added admin work.
: )
Many thx.
03-15-2017 05:24 PM
Hi Joe,
I have all the config mentioned in the above blog on one of our 3560s, but I am still not able to log in. Can you please help me with this?
sh ver
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 05-May-11 15:57 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x02800000
sh runn | in aaa
aaa new-model
aaa authentication login default local
aaa session-id common
sh runn | be vty
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
end
and have crypto key generate rsa enabled on switch.