05-10-2009 04:22 PM - edited 03-06-2019 05:38 AM
Hi All,
Planning to implement access to a Catalyst switch using SSH. FYI, the current IOS version is Version 12.2(25)EWA8. Does it support SSH? What considerations are necessary when doing this? Which versions do not support SSH?
Many thanks.
-sam
05-10-2009 04:50 PM
You need to have the Crypto IOS and the following config:
line vty 0 15
transport input ssh telnet
line cons 0
transport input ssh telnet
Hope this helps.
05-10-2009 05:37 PM
What do you mean by Crypto IOS? Anyway, does Version 12.2(25)EWA8 support IOS for crypto (SSH)?
Thanks for the prompt response.
05-10-2009 05:56 PM
Sam:
You have to look at the IOS feature set, not just the version.
For example, you can have IOS version 12.2(35) that is running ipbase or ipbasek9.
Execute a "show version" command from your router's prompt to see which version and feature set are running.
HTH
Victor
05-10-2009 10:33 PM
...and of course specify a local username & password if you are not using TACACS/RADIUS, and then generate RSA keys. Also specify login local if the above is used.
crypto key generate rsa modulus 1024
05-11-2009 01:41 AM
Hi Sam,
To use ssh you need to do following
1. Configure hostname and domain name on the switch
2. Start AAA (the aaa new-model command; this will allow local users to log in via SSH if no TACACS is configured)
3. Generate rsa key ( crypto key generate rsa )
4. Enable SSH transport support ( transport input ssh ) at VTY lines
HTH
Raj
05-11-2009 03:28 AM
Do dir flash: or dir bootflash:, depending on the model, and look at the image name. If it does "not" have a "k9" somewhere in the image name, it is not a crypto version and you will have to change your code to get the SSH feature.
05-11-2009 05:01 AM
Sam,
Do a "dir" at the command line. Copy the .bin file and then paste that into the Cisco IOS feature navigator.
Choose "search by image"
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
Paste in the .bin file name.
Within the search results you should see:
Secure Shell version 1 server
Secure Shell version 1 client
Secure Shell version 2 server
Secure Shell version 2 client
The "server" feature allows you to SSH using PUTTY (or some other ssh client) to connect to the switch.
The "client" feature allows you to SSH from the SWITCH to another SSH server (like from switch to switch).
Requirements for SSH:
Local password database:
    username test password cisco
    username test secret cisco
Authentication on VTY lines:
    login local
OR
AAA authentication:
    aaa new-model
    aaa authentication login default local
    aaa authentication enable default enable
VTY lines configured for SSH:
    transport input ssh
Create crypto keys:
    crypto key generate rsa general-keys label SSH_Keys modulus 1024
*Hostname and Domain* are ONLY required if you don't label the keys.
"sh ip ssh" will show you the version of SSH.
Version 1.5 = SSHv1 only
Version 1.99 = SSHv1 & SSHv2
Version 2.0 = SSHv2 only
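The checks described in this thread (a "k9" image name, local or AAA login on the VTY lines, "transport input ssh", and the "show ip ssh" version string), collected into one offline audit script as an added example that is not part of the original thread. The image names, the sample config and the "show ip ssh" line are constructed, the function names are this example's own, and reporting Telnet or SSHv1 as findings is this example's choice.

```python
import re

# Meaning of the "show ip ssh" version string, as listed in the thread.
SSH_VERSIONS = {"1.5": "SSHv1 only", "1.99": "SSHv1 and SSHv2", "2.0": "SSHv2 only"}

def vty_sections(config):
    """Map each 'line vty ...' header to the list of its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new top-level block
            current = sections.setdefault(raw.strip(), []) if raw.startswith("line vty") else None
        elif current is not None:
            current.append(raw.strip())
    return sections

def audit(image_name, config, show_ip_ssh):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if "k9" not in image_name.lower():
        findings.append("image: no 'k9' in name, not a crypto image")
    lines = config.splitlines()
    aaa = "aaa new-model" in lines
    if not any(l.startswith("username ") for l in lines):
        findings.append("auth: no local username")
    for header, cmds in vty_sections(config).items():
        transport = next((c.split()[2:] for c in cmds if c.startswith("transport input")), [])
        if not {"ssh", "all"} & set(transport):
            findings.append(f"{header}: ssh not in 'transport input'")
        if {"telnet", "all"} & set(transport):
            findings.append(f"{header}: telnet still accepted")
        if not aaa and "login local" not in cmds:
            findings.append(f"{header}: no 'login local' and no 'aaa new-model'")
    m = re.search(r"SSH Enabled - version (\d+\.\d+)", show_ip_ssh)  # assumed output format
    if not m:
        findings.append("ssh: server not enabled")
    elif m.group(1) != "2.0":
        findings.append(f"ssh: version {m.group(1)} ({SSH_VERSIONS.get(m.group(1), 'unknown')})")
    return findings

# Constructed sample inputs (not taken from a real device).
SAMPLE_CONFIG = """\
username test secret cisco
line vty 0 15
 login local
 transport input ssh telnet
"""
SAMPLE_SHOW_IP_SSH = "SSH Enabled - version 1.99"
print("\n".join(audit("example-ipbase-mz.bin", SAMPLE_CONFIG, SAMPLE_SHOW_IP_SSH)))
```

Feed it the image name from "dir", the text of the running config, and the first line of "show ip ssh" copied from the switch.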
05-19-2009 06:46 PM
Hi All,
Many thanks for the help.
Rgds,
sam