cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3354
Views
5
Helpful
9
Replies

enable ssh access

SpeedCisco
Level 1
Level 1

Hi, I have a 3560G switch for the private lan segmentation. at the moment i access it throug a telnet session but i would like to disable this and enable ssh access, any clues on how to do it?

9 Replies 9

glen.grant
VIP Alumni
VIP Alumni

You have to have crypto code to run this . Does your imagename have a k9 in the middle of the name ?If not you will have to download new code. If it does just do the following.

conf t

crypto key gen rsa , enter

key length 1024,enter.

lin vty 0 15

transport input ssh

No,my image does not have a k9 in the middle, actually it looks like C3560-IPBASE-M , so where can i get that k9 type of image from?

and , am i gonna be able to run the same config file as i do now , and also have the ssh access utility?

Francisco

You would get that k9 type of image from the Cisco web site. Downloading images from Cisco requires a login with appropriate privileges (essentially it needs to be linked to a valid active service contract).

It looks like you are running the IP Base image and that does not support crypto or

SSH.

You would be able to run the same config (well the same config with some things added to it - but upgrading to the crypto image should not break anything in your existing config).

HTH

Rick

HTH

Rick

Hi Glen,

Pls help me!!! After doing that should it reflect after show run? If yes I am not getting that.

Only getting the same (as follows) output when I put sh crypto key mypubkey rsa

Thanks

Goutam

Goutam

After generating the key (in config mode) you will not see the key or anything about it in show run. The key is not stored in the config file.

Your post mentions output from sh crypto key mypubkey rsa, but it does not show the output. This makes it very difficult to provide any answers about it.

HTH

Rick

HTH

Rick

Hi Rick

Pls find the output

Router#sh crypto key mypubkey rsa

% Key pair was generated at: 17:57:34 India Feb 14 2008

Key name: Router.xyz.com

Usage: General Purpose Key

Key is not exportable.

Key Data:

30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00AE152D

BA73B857 D938D844 8C205C7A 5705AC72 98802BAF 46A7EF65 0486FBE3 70A594A0

275DFF1A 2490FBF5 0A030316 D873E013 253FF637 10BCEDD9 4E34F8E9 42E3226A

CAB0B5AF 164C2394 95A16F63 ADF6503C 9587B402 B1E19B3A 7B6B91F2 AE8BDC26

5A88571D 920B5C97 C2B6DE51 6266446D 714FBCFA 9B96D037 AF187FC1 15020301 0001

% Key pair was generated at: 11:57:58 India Feb 15 2008

Key name: Router.xyz.com.server

Usage: Encryption Key

Key is not exportable.

Key Data:

307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00A89DF7 C1EC7166

B09687E8 6950138D D595F3E1 21F84BA4 E2EB8E30 435ACEF2 7AEB890E 38478E3E

CB6E8179 5A2774C3 86A0052E F7B251AB 9F0B929D 8FFF9375 0CBB7541 57E8CCFD

0402D6C3 5B78CC71 696033A1 7AA8D722 7D258998 4FF74CD4 01020301 0001

Router#

Thanks

Goutam

Goutam

This output confirms that your image does support crypto and that the keys have been generated. You should be able to enable SSH on this router.

HTH

Rick

HTH

Rick

vaisharm
Cisco Employee
Cisco Employee

In addition to the steps mentioned by glen above you will have to create a user as well and configure line vty to use the locacl username/password.

conf t

username password

line vty 0 15

transport input ssh

login local

Issue 'show ip ssh' to check if ssh is enabled.

Are you accessing this router remotely or through console? If its remotely, I would advise keeping telnet access enabled for now and disable it only after you are sure that SSH is working okay.

Also, would you ssh to this router from a workstation or a Cisco router/switch?

Vaibhav

Your comment about needing to add a username and password is a good suggestion.

Configuring login local may or may not be necessary. If AAA is not enabled then you are correct about configuring login local. But if aaa new-model is configured then login local is the default behavior.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco