How to configure ssh on cisco 4948-10GE switch?

Oct 26th, 2007

How to configure ssh on cisco 4948-10GE switch? I have configured ssh on 6500 series but seems the commands are different for 4900 series.


I will give the rating to the person who provides me the answer!


Thanks,

Sameer

szahid Fri, 10/26/2007 - 16:17

Please try the following procedure.


a) Configure hostname and domain-name, username and password.


config t


hostname 4948

ip domain-name test4948.com

username cisco password cisco




b) ssh config below, enter the crypto command as I have. Other keys like 512 bits did not work for me.

4948#conf t

Enter configuration commands, one per line. End with CNTL/Z.

4948(config)#crypto key generate rsa modulus 1024

The name for the keys will be: 4948.test4948.com

% You already have RSA keys defined for sup2+.domain.com

% They will be replaced.

% The key modulus size is 1024 bits

Generating RSA keys ...

[OK]

4948(config)#end

line vty 0 4

exec-timeout 2880 0

login local

length 0

transport input ssh


c) Check the syslog if ssh is enabled:

4948#sh log

Feb 12 11:04:38.756 PST: %SSH-5-DISABLED: SSH 1.99 has been disabled

Feb 12 11:04:39.952 PST: %SSH-5-ENABLED: SSH 1.5 has been enabled

d) Check the following command on ssh

4948+#show ip ssh

SSH Enabled - version 1.99

Authentication timeout: 120 secs; Authentication retries: 3

4948#

e) Try the client as seen below from UNIX:


f) The ssh v2 is running:

4948#sh ssh

Connection Version Mode Encryption Hmac State Username

0 2.0 IN 3des-cbc hmac-md5 Session started salman

0 2.0 OUT 3des-cbc hmac-md5 Session started salman

%No SSHv1 server connections running.

sup2+#

4948#sh crypto key mypubkey rsa

% Key pair was generated at: 11:04:39 PST Feb 12 2004

Key name: 4948.test4948.com

Usage: General Purpose Key

Key Data:


% Key pair was generated at: 11:04:40 PST Feb 12 2004

Key name: sup2+.domain.com

Usage: Encryption Key

Key Data:




4948#


Let me know if this works for you.


Thanks

Salman.

sameerkhurana Fri, 10/26/2007 - 16:49

Hi Salman,


First of all, thanks for replying!!!


I have configured the 1st three steps:

hostname test-28-4k

ip domain-name test.com

username cisco password cisco


But, while giving the crypto commands... the switch is not accepting.

--------------------------------------------

test-28-4k(config)#crypto key ?

% Unrecognized command

test-28-4k(config)#crypto key generate rsa modulus 1024

^

% Invalid input detected at '^' marker.

--------------------------------------------


Seems to me that the 4900 doesn't support all the IOS for ssh. Can you please confirm which IOS you are using, and maybe I will try with the same one.


Thanks,

Sameer


Correct Answer
szahid Fri, 10/26/2007 - 17:13

Sameer :

That means you do not have a crypto image. Does your image have a "K9" notation in the file name?


thanks

Salman.

glen.grant Sat, 10/27/2007 - 05:19

You have to have a specific version of IOS that supports crypto code in order to run SSH. If you have a contract you can get it; if not, then you have to get one to download the code, or SSH may not be an option you can use.
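
An added example (not part of any post in this thread, and not Cisco code): a Python check over captured output of the `show ip ssh` and `show ssh` commands used in steps d) and f) above, plus the K9 file-name test from the accepted answer. The sample output and image file names are constructed, the function names are hypothetical, and the list of legacy algorithms is an assumed local policy.

```python
import re

# Constructed inputs modelled on the command output quoted in the thread.
SHOW_IP_SSH = (
    "SSH Enabled - version 1.99\n"
    "Authentication timeout: 120 secs; Authentication retries: 3\n"
)
SHOW_SSH = (
    "Connection Version Mode Encryption Hmac State Username\n"
    "0 2.0 IN 3des-cbc hmac-md5 Session started salman\n"
    "0 2.0 OUT 3des-cbc hmac-md5 Session started salman\n"
    "%No SSHv1 server connections running.\n"
)
# Assumed local policy (not from the thread): algorithms worth reporting.
LEGACY = {"3des-cbc", "des", "hmac-md5", "hmac-md5-96"}
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(IN|OUT)\s+(\S+)\s+(\S+)\s+(.+?)\s+(\S+)$")

def is_crypto_image(filename):
    """True if the image file name carries the K9 (crypto) marker."""
    return re.search(r"k9", filename, re.IGNORECASE) is not None

def server_mode(show_ip_ssh):
    """Map the 'show ip ssh' version line to what the server accepts."""
    # 1.5 = SSHv1 only, 1.99 = SSHv1 and SSHv2 both accepted, 2.0 = SSHv2 only.
    m = re.search(r"SSH (Enabled|Disabled)(?: - version (\S+))?", show_ip_ssh)
    if m is None or m.group(1) == "Disabled":
        return "disabled"
    modes = {"1.5": "v1-only", "1.99": "v1-and-v2", "2.0": "v2-only"}
    return modes.get(m.group(2), "unknown")

def legacy_sessions(show_ssh):
    """Return (connection, direction, algorithm) per legacy algorithm in use."""
    hits = []
    for line in show_ssh.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header row, blank line or '%' status message
        conn, mode, enc, mac = m.group(1, 3, 4, 5)
        hits += [(int(conn), mode, alg) for alg in (enc, mac) if alg in LEGACY]
    return hits

if __name__ == "__main__":
    print("server mode:", server_mode(SHOW_IP_SSH))
    print("legacy algorithms in use:", legacy_sessions(SHOW_SSH))
    # Constructed file names, for illustration only.
    for name in ("cat4500-ipbasek9-mz.EXAMPLE.bin", "cat4500-ipbase-mz.EXAMPLE.bin"):
        print(name, "->", "crypto image" if is_crypto_image(name) else "no K9 marker")
```

A result of `v1-and-v2` means the switch still accepts SSHv1 clients even though the sessions listed by `show ssh` negotiated 2.0.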
