SSH catalyst switch

sam_manay
Level 1

Hi All,

I am planning to implement access to a Catalyst switch using SSH. FYI, the current IOS version is Version 12.2(25)EWA8. Does it support SSH? What considerations are necessary when doing this? Which versions do not support SSH?

Many thanks.

-sam

8 Replies

Leo Laohoo
Hall of Fame

You need to have the Crypto IOS and the following config:

line vty 0 15

transport input ssh telnet

line cons 0

transport input ssh telnet

Hope this helps.

What do you mean by Crypto IOS? Anyway, does Version 12.2(25)EWA8 support IOS for crypto (SSH)?

Thanks for the prompt response.

Sam:

You have to look at the IOS feature set, not just the version.

For example, you can have IOS version 12.2(35) that is running ipbase or ipbasek9.

Execute a "show version" command from your router's prompt to see which version and feature set are running.

HTH

Victor

pieterddejong
Level 1

...and of course, specify a local username & password if you are not using TACACS/RADIUS, and then generate RSA keys. Also specify login local if the above is used.

crypto key generate rsa modulus 1024

rajinikanth
Level 3

Hi Sam,

To use SSH you need to do the following:

1. Configure hostname and domain name on the switch

2. Start AAA (the aaa new-model command; this will allow local users to log in via SSH if no TACACS is configured)

3. Generate rsa key ( crypto key generate rsa )

4. Enable SSH transport support ( transport input ssh ) at VTY lines

HTH

Raj

Do dir flash: or dir bootflash:, depending on model, and look at the image name. If it does "not" have a "k9" somewhere in the image name, it is not a crypto version and you will have to change your code to get the SSH feature.

bretjaquish
Level 3

Sam,

Do a "dir" at the command line. Copy the .bin file and then paste that into the Cisco IOS feature navigator.

Choose "search by image"

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

Paste in the .bin file name.

Within the search results you should see:

Secure Shell version 1 server

Secure Shell version 1 client

Secure Shell version 2 server

Secure Shell version 2 client

The "server" feature allows you to SSH using PUTTY (or some other ssh client) to connect to the switch.

The "client" feature allows you to SSH from the SWITCH to another SSH server (like from switch to switch).

Requirements for SSH:

Local password database

username test password cisco

username test secret cisco

Authentication on VTY lines

login local

OR

AAA Authentication

aaa new-model

aaa authentication login default local

aaa authentication enable default enable

VTY lines configured for SSH

transport input ssh

Create crypto keys

crypto key generate rsa general-keys label SSH_Keys modulus 1024

*Hostname and Domain* are ONLY required if you don't label the keys.

"sh ip ssh" will show you the version of SSH.

Version 1.5 = SSHv1 only

Version 1.99 = SSHv1 & SSHv2

Version 2.0 = SSHv2 only
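
The checks described in this thread (k9 in the image name, the version reported by "sh ip ssh", VTY transport and login method), gathered into a small audit script. This is an added example, not part of any post above; the function name audit_ssh, the image file names and the config samples are constructed for illustration, and a missing "transport input" line is assumed to allow telnet.

```python
import re

def audit_ssh(image_name, show_ip_ssh, running_config):
    """Return findings for the SSH prerequisites discussed in this thread."""
    findings = []
    # Crypto-capable images carry "k9" somewhere in the image file name.
    if "k9" not in image_name.lower():
        findings.append("image is not k9 (crypto)")
    # "show ip ssh": 1.5 = SSHv1 only, 1.99 = SSHv1 and SSHv2, 2.0 = SSHv2 only.
    m = re.search(r"SSH Enabled - version (\d+\.\d+)", show_ip_ssh)
    if m is None:
        findings.append("SSH server not enabled")
    elif m.group(1) != "2.0":
        findings.append(f"version {m.group(1)} accepts SSHv1")
    # Group indented sub-commands under their "line ..." header.
    blocks, current = {}, None
    for raw in running_config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None
    aaa = re.search(r"^aaa new-model\s*$", running_config, re.M) is not None
    for name, cmds in blocks.items():
        if not name.startswith("line vty"):
            continue
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        # Assumption: no explicit "transport input" is treated as allowing telnet.
        if not transport or set(transport[-1]) & {"telnet", "all"}:
            findings.append(f"{name}: telnet not excluded")
        if not aaa and "login local" not in cmds:
            findings.append(f"{name}: no 'login local' and no AAA")
    return findings

# Constructed sample inputs, not captured from a real device.
WEAK_CONFIG = """\
username test secret cisco
line con 0
line vty 0 15
 transport input ssh telnet
"""
HARDENED_CONFIG = """\
aaa new-model
aaa authentication login default local
line vty 0 15
 transport input ssh
"""
```

Calling audit_ssh("switch-ipbase-mz.bin", "SSH Disabled - version 1.99", WEAK_CONFIG) returns four findings; the hardened sample with a k9 image and version 2.0 returns none.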

sam_manay
Level 1

Hi All,

Many thanks for the help.

Rgds,

sam
