SSH Issue - urgent Help

patel.nishit · ‎05-13-2009

We have configured all the devices to be accessesd via SSH only, but today we can't SSH on any off our devices, all the devices andnetwork connections are fine.

Any idea why this could be.

darkbeatzz · ‎05-13-2009

can you http to them or is that not allowed? you would need to supply some debug info

nico.bakker · ‎05-13-2009

Did you add a domain name and generated an rsa key after that?

Some hints:

- Your hostname should not be the default name "Router"

- First add a domain-name (needed to generate the key)

my-router(config)#ip domain name mydomain

- Then generate a crypto key. I used 1024 bits in this example

my-router(config)#crypto key generate rsa

The name for the keys will be: my-router.mydomain

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.

How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

#############: %SSH-5-ENABLED: SSH 1.99 has been enabled

my-router(config)#

Patrick Laidlaw · ‎05-13-2009

Did someone push an access-class list to all of your vty ports?

Were you ever able to ssh to these devices?

Did someone change your AAA login method?

Did you use AAA radius or tacacs if so did something happen to it? My money is on this one.

patel.nishit · ‎05-14-2009

There is no ACL configured on the devices and only local AAA is configured to authenticate local password for SSH.

darkbeatzz · ‎05-14-2009

as I said you need to provide debug info

Patrick Laidlaw · ‎05-14-2009

Did you verify that the username and password are still on the device?

A "debug aaa authentication" and "debug ip ssh" would be really useful.

If you want answers provide those and I'm sure the group would be able to help you much easier.

andrels · ‎06-03-2009

have you added this statement under the vty lines ?

transport input ssh ?