SSH catalyst switch

Unanswered Question
May 10th, 2009

Hi All,

Planning to implement access to the Catalyst switch using SSH. FYI, current IOS version: Version 12.2(25)EWA8. Does it support SSH? What considerations are necessary when doing this? Which versions do not support SSH?

Many thanks.

-sam

Leo Laohoo Sun, 05/10/2009 - 16:50

You need to have the Crypto IOS and the following config:

line vty 0 15

transport input ssh telnet

line cons 0

transport input ssh telnet

Hope this helps.

sam_manay Sun, 05/10/2009 - 17:37

What do you mean by Crypto IOS? Anyway, does Version 12.2(25)EWA8 support IOS for crypto (SSH)?

Thanks for the prompt response.

lamav Sun, 05/10/2009 - 17:56

Sam:

You have to look at the IOS feature set, not just the version.

For example, you can have IOS version 12.2(35) that is running ipbase or ipbasek9.

Execute a "show version" command from your router's prompt to see which version and feature set are running.

HTH

Victor

pieterddejong Sun, 05/10/2009 - 22:33

...and of course specify a local username & password if you are not using TACACS/RADIUS, and then generate RSA keys. Also specify login local if the above is used.

crypto key generate rsa modulus 1024

rajinikanth Mon, 05/11/2009 - 01:41

Hi Sam,

To use SSH you need to do the following:

1. Configure hostname and domain name on the switch

2. Start AAA ( the aaa new-model cmd; this will allow local users to log in via SSH if no TACACS is configured )

3. Generate rsa key ( crypto key generate rsa )

4. Enable SSH transport support ( transport input ssh ) at VTY lines

HTH

Raj

glen.grant Mon, 05/11/2009 - 03:28

Do dir flash: or dir bootflash: depending on model and look at the image name. If it does "not" have a "k9" somewhere in the image name, it is not a crypto version and you will have to change your code to get the SSH feature.

Sam,

Do a "dir" at the command line. Copy the .bin file and then paste that into the Cisco IOS feature navigator.

Choose "search by image"

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

Paste in the .bin file name.

Within the search results you should see:

Secure Shell version 1 server

Secure Shell version 1 client

Secure Shell version 2 server

Secure Shell version 2 client

The "server" feature allows you to SSH using PuTTY (or some other SSH client) to connect to the switch.

The "client" feature allows you to SSH from the SWITCH to another SSH server (like from switch to switch).

Requirements for SSH:

Local password database

username test password cisco

username test secret cisco

Authentication on VTY lines

login local

OR

AAA Authentication

aaa new-model

aaa authentication login default local

aaa authentication enable default enable

VTY lines configured for SSH

transport input ssh

Create crypto keys

crypto key generate rsa general-keys label SSH_Keys modulus 1024

*Hostname and Domain* are ONLY required if you don't label the keys.

"sh ip ssh" will show you the version of SSH.

Version 1.5 = SSHv1 only

Version 1.99 = SSHv1 & SSHv2

Version 2.0 = SSHv2 only
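
The checks described in this thread (a "k9" in the image name, the version shown by "sh ip ssh", and "transport input" on the VTY lines), combined into an added example that is not part of any post above. The sample inputs are constructed, and the function names and the policy it flags against (SSHv2 only, SSH as the only VTY transport) are assumptions.

```python
import re

# Version meanings for "show ip ssh", as stated in the thread.
SSH_VERSIONS = {"1.5": "SSHv1 only", "1.99": "SSHv1 and SSHv2", "2.0": "SSHv2 only"}

def is_crypto_image(image_name):
    # Thread's rule of thumb: a crypto image has "k9" in its file name.
    return "k9" in image_name.lower()

def ssh_mode(show_ip_ssh):
    m = re.search(r"version\s+(\d+\.\d+)", show_ip_ssh, re.IGNORECASE)
    return SSH_VERSIONS.get(m.group(1), "unknown") if m else "not reported"

def vty_transports(config):
    # Map each "line vty ..." block to its "transport input" protocol list.
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("line "):
            current = line if line.startswith("line vty") else None
            if current:
                result[current] = []  # no transport line seen yet
        elif current and line.startswith("transport input"):
            result[current] = line.split()[2:]
        elif raw and not raw.startswith(" "):
            current = None  # left line-configuration mode
    return result

def findings(image_name, show_ip_ssh, config):
    # Assumed policy (not from the thread): SSHv2 only, no telnet on VTYs.
    out = []
    if not is_crypto_image(image_name):
        out.append("image name has no k9: not a crypto image")
    if ssh_mode(show_ip_ssh) != "SSHv2 only":
        out.append("SSH mode: " + ssh_mode(show_ip_ssh))
    for vty, protos in vty_transports(config).items():
        if protos != ["ssh"]:
            out.append(f"{vty}: transport input {' '.join(protos) or 'unset'}")
    return out

# Constructed sample inputs, not captured from a real switch.
SAMPLE_IMAGE = "example-ipbasek9-mz.bin"
SAMPLE_SHOW_IP_SSH = "SSH Enabled - version 1.99"
SAMPLE_CONFIG = ("line con 0\nline vty 0 4\n login local\n"
                 " transport input ssh telnet\n"
                 "line vty 5 15\n login local\n transport input ssh\n")

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_IMAGE, SAMPLE_SHOW_IP_SSH, SAMPLE_CONFIG)))
```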
