Can't login via ssh, Cisco Catalyst 3560.

piero.giobbi
Level 1

Hi all.

I'm trying to log in to my switch via ssh from a unix term (OS X) but I fail. Tried this:

ssh admin@10.0.5.140

ssh -c des -l admin 10.0.5.140

Neither works. Turned on debugging and found:

000247: 3d23h: SSH1: sent protocol version id SSH-1.99-Cisco-1.25
000248: 3d23h: SSH1: protocol version id is - SSH-2.0-OpenSSH_4.5
000249: Jun 27 22:01:19: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.0.5.140 (tty = 1) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Succeeded
000250: Jun 27 22:01:26: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 10.0.5.140 (tty = 1) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Failed
000251: Jun 27 22:01:26: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.0.5.140 (tty = 1) for user '' using crypto cipher 'aes128-cbc', hmac 'hmac-md5' closed
000252: 3d23h: SSH1: Session disconnected - error 0x00

It seems that the switch didn't catch my username but I can't figure out why. All help appreciated.

Thx.

p

Joe Clarke
Cisco Employee

"ssh -l cse 10.32.15.1" works for me from OS X 10.4.10. What does your switch config look like? What version of IOS are you running?

Hi, thx for replying.

I have the latest crypto for 3560, 12.2.25:

Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 22-Feb-07 15:39 by myl
Image text-base: 0x00003000, data-base: 0x00FF46A8

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWARE (fc1)

switch_vaning-5 uptime is 4 days, 7 hours, 31 minutes
System returned to ROM by power-on
System restarted at 00:41:15 CET Sun Jun 24 2007
System image file is "flash:c3560-ipbasek9-mz.122-25.SEE3/c3560-ipbasek9-mz.122-25.SEE3.bin"

Here's my cfg except for the ports:

version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname switch_vaning-5
!
logging count
no logging monitor
enable secret xxx
enable password xxxxx
!
username xxx privilege 15 secret xxx
username giobbi privilege 15 password 0 xxxxx
no aaa new-model
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
vtp mode transparent
ip subnet-zero
no ip domain-lookup
ip domain-name fb.se
ip name-server 10.0.5.246
!
ip ftp username xxx
ip ftp password xxxxx
ip ssh logging events
interface Vlan1
 ip address 10.0.5.218 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.0.5.1
ip classless
ip http server
ip http secure-server
!
logging facility local2
logging 10.0.8.184
snmp-server community orvis RO
!
control-plane
!
!
line con 0
line vty 0 4
 password xxxx
 no login
 length 0
line vty 5 15
 password xxxxx
 no login
!
!
monitor session 1 source interface Gi0/21
monitor session 1 destination interface Gi0/18
ntp clock-period 36029386
ntp server 17.x.0.28 key 0 prefer
end

Running same OS X as you.

Thanks!!

p

You're missing a few bits to the config. First, you need an admin username. Next, you need to enable aaa new-model, and add something like:

aaa authentication login default local

Finally, you need to generate your crypto key on the switch:

crypto key generate rsa
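
An added example, not part of the original thread and not Cisco's code: a small Python check that reads a running-config and reports the items the reply above lists as missing, plus the vty settings visible in the posted configs. The function names are hypothetical and the sample config is a constructed excerpt modelled on the ones posted here; it assumes SSH logins on IOS need either "login local" on the vty lines or an AAA login list that includes "local".

```python
import re

# Hypothetical helper names; constructed excerpt modelled on the configs in this thread.
SAMPLE_CONFIG = """\
username giobbi privilege 15 password 0 xxxxx
no aaa new-model
line vty 0 4
 password xxxx
 no login
line vty 5 15
 transport input ssh
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to the sub-commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = blocks.setdefault(raw.strip(), [])
        elif current is not None and raw[:1] == " ":
            current.append(raw.strip())
        else:
            current = None  # any unindented line closes the vty block
    return blocks

def audit_ssh_login(config):
    """Return findings that block or weaken SSH login with local usernames."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    if not any(re.match(r"username \S+", l) for l in lines):
        findings.append("no local username defined")
    if any(re.match(r"username \S+ .*\bpassword 0 ", l) for l in lines):
        findings.append("username uses cleartext 'password 0'; prefer 'secret'")
    aaa = "aaa new-model" in lines  # exact match, so 'no aaa new-model' is False
    if aaa and not any(re.match(r"aaa authentication login default .*\blocal\b", l)
                       for l in lines):
        findings.append("aaa new-model set but default login list lacks 'local'")
    for header, cmds in vty_blocks(config).items():
        if "no login" in cmds:
            findings.append(f"{header}: 'no login' disables line authentication")
        elif not aaa and "login local" not in cmds:
            findings.append(f"{header}: needs 'login local' or AAA for SSH users")
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: not restricted to SSH")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_login(SAMPLE_CONFIG):
        print(finding)
```

The RSA key pair created by "crypto key generate rsa" is not part of the running-config text, so this check cannot confirm that step.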

Great!

Works like a charm. Now I just have to get my newly added admin to work.

: )

Many thx.

Hi Joe,

I have all the config mentioned in the above blog on one of our 3560s, but I am still not able to log in. Can you please help me with this?

sh ver
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 05-May-11 15:57 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x02800000

sh runn | in aaa
aaa new-model
aaa authentication login default local
aaa session-id common

sh runn | be vty
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
end

And I have crypto key generate rsa enabled on the switch.