02-13-2008 06:25 AM - edited 03-05-2019 09:07 PM
Hi, I have a 3560G switch for the private lan segmentation. at the moment i access it throug a telnet session but i would like to disable this and enable ssh access, any clues on how to do it?
02-13-2008 06:55 AM
You have to have crypto code to run this . Does your imagename have a k9 in the middle of the name ?If not you will have to download new code. If it does just do the following.
conf t
crypto key gen rsa , enter
key length 1024,enter.
lin vty 0 15
transport input ssh
02-14-2008 02:31 AM
No,my image does not have a k9 in the middle, actually it looks like C3560-IPBASE-M , so where can i get that k9 type of image from?
and , am i gonna be able to run the same config file as i do now , and also have the ssh access utility?
02-14-2008 05:08 AM
Francisco
You would get that k9 type of image from the Cisco web site. Downloading images from Cisco requires a login with appropriate privileges (essentially it needs to be linked to a valid active service contract).
It looks like you are running the IP Base image and that does not support crypto or
SSH.
You would be able to run the same config (well the same config with some things added to it - but upgrading to the crypto image should not break anything in your existing config).
HTH
Rick
02-14-2008 04:34 AM
Hi Glen,
Pls help me!!! After doing that should it reflect after show run? If yes I am not getting that.
Only getting the same (as follows) output when I put sh crypto key mypubkey rsa
Thanks
Goutam
02-14-2008 05:11 AM
Goutam
After generating the key (in config mode) you will not see the key or anything about it in show run. The key is not stored in the config file.
Your post mentions output from sh crypto key mypubkey rsa, but it does not show the output. This makes it very difficult to provide any answers about it.
HTH
Rick
02-14-2008 10:42 PM
Hi Rick
Pls find the output
Router#sh crypto key mypubkey rsa
% Key pair was generated at: 17:57:34 India Feb 14 2008
Key name: Router.xyz.com
Usage: General Purpose Key
Key is not exportable.
Key Data:
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00AE152D
BA73B857 D938D844 8C205C7A 5705AC72 98802BAF 46A7EF65 0486FBE3 70A594A0
275DFF1A 2490FBF5 0A030316 D873E013 253FF637 10BCEDD9 4E34F8E9 42E3226A
CAB0B5AF 164C2394 95A16F63 ADF6503C 9587B402 B1E19B3A 7B6B91F2 AE8BDC26
5A88571D 920B5C97 C2B6DE51 6266446D 714FBCFA 9B96D037 AF187FC1 15020301 0001
% Key pair was generated at: 11:57:58 India Feb 15 2008
Key name: Router.xyz.com.server
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00A89DF7 C1EC7166
B09687E8 6950138D D595F3E1 21F84BA4 E2EB8E30 435ACEF2 7AEB890E 38478E3E
CB6E8179 5A2774C3 86A0052E F7B251AB 9F0B929D 8FFF9375 0CBB7541 57E8CCFD
0402D6C3 5B78CC71 696033A1 7AA8D722 7D258998 4FF74CD4 01020301 0001
Router#
Thanks
Goutam
02-15-2008 05:42 AM
Goutam
This output confirms that your image does support crypto and that the keys have been generated. You should be able to enable SSH on this router.
HTH
Rick
02-14-2008 11:41 PM
In addition to the steps mentioned by glen above you will have to create a user as well and configure line vty to use the locacl username/password.
conf t
username
line vty 0 15
transport input ssh
login local
Issue 'show ip ssh' to check if ssh is enabled.
Are you accessing this router remotely or through console? If its remotely, I would advise keeping telnet access enabled for now and disable it only after you are sure that SSH is working okay.
Also, would you ssh to this router from a workstation or a Cisco router/switch?
02-15-2008 05:29 AM
Vaibhav
Your comment about needing to add a username and password is a good suggestion.
Configuring login local may or may not be necessary. If AAA is not enabled then you are correct about configuring login local. But if aaa new-model is configured then login local is the default behavior.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: