2960G SSH ISSUE

Answered Question
Aug 19th, 2009

Hello,

I just purchased 3 2960Gs and I am wondering I grabbed the latest IOS I could find but SSH is not working. The list of available IOS has w/o crypto and lanbase. I grabbed the right one no? I mean w/o means without right??

Sh version

Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Wed 22-Jul-09 07:03 by prod_rel_team

Image text-base: 0x00003000, data-base: 0x01200000

ROM: Bootstrap program is C2960 boot loader

BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

cab2sw2-2fl-2960g uptime is 41 minutes

System returned to ROM by power-on

System image file is "flash:/c2960-lanbase-mz.122-50.SE3.bin"

cisco WS-C2960G-48TC-L (PowerPC405) processor (revision E0) with 65536K bytes of memory.

Processor board ID FOC1315Z3CH

Last reset from power-on

1 Virtual Ethernet interface

48 Gigabit Ethernet interfaces

The password-recovery mechanism is enabled.

64K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address : 00:24:F7:AB:CA:80

Motherboard assembly number : 73-10300-08

Power supply part number : 341-0098-02

Motherboard serial number : FOC13153A4M

Power supply serial number : DCA1314926D

Model revision number : E0

Motherboard revision number : A0

Model number : WS-C2960G-48TC-L

System serial number : FOC1315Z3CH

Top Assembly Part Number : 800-27071-03

Top Assembly Revision Number : A0

Version ID : V03

CLEI Code Number : COM4A10BRC

Hardware Board Revision Number : 0x01

Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------

* 1 48 WS-C2960G-48TC-L 12.2(50)SE3 C2960-LANBASE-M

I have this problem too.
0 votes
Correct Answer by Lucien Avramov about 7 years 5 months ago

c2960-lanbasek9-mz.122-50.SE3.bin has a k9 as i mentionned earlier. make sure your image filename has a k9 if you want SSH feature.

Correct Answer by Edison Ortiz about 7 years 5 months ago

You need this image c2960-lanbasek9-mz.122-50.SE3.bin

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Lucien Avramov Wed, 08/19/2009 - 10:48

You grabbed an image that does NOT have crypto. You need a crypto image for SSH to work.

w/o means without.

The image filename, when it's crypto will have a k9 in it.

pener1963 Wed, 08/19/2009 - 12:36

OK I got the w/o image but I didnt get the k9 one.

Many thanks

Correct Answer
Lucien Avramov Wed, 08/19/2009 - 14:51

c2960-lanbasek9-mz.122-50.SE3.bin has a k9 as i mentionned earlier. make sure your image filename has a k9 if you want SSH feature.

pener1963 Thu, 08/20/2009 - 04:33

Hi again. I have the version for ssh installed on the switch but when I get into the line interfaces to try and say only ssh for connecting I dont have that choice:

transport ?

output Define which protocols to use for outgoing connections

preferred Specify the preferred protocol to use

I should see the input option there right wich I would follow by ssh.

What is up?

Here is my sh version just to be sure:

cab2sw2-2fl-2960g#sh ver

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Wed 22-Jul-09 07:03 by prod_rel_team

Image text-base: 0x00003000, data-base: 0x01400000

ROM: Bootstrap program is C2960 boot loader

BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

cab2sw2-2fl-2960g uptime is 14 minutes

System returned to ROM by power-on

System image file is "flash:/c2960-lanbasek9-mz.122-50.SE3.bin"

Edison Ortiz Thu, 08/20/2009 - 05:47

That's very odd.

I found a 2960 with an older image around here and it has the 'transport input' available. This image is not even a SSH image.

(config-line)#transport ?

input Define which protocols to use when connecting to the terminal

server

output Define which protocols to use for outgoing connections

preferred Specify the preferred protocol to use

sh ver | i IOS

Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)

I wonder if 12.2(50)SE3 is introducing this behavior. Can you try 12.2(44)SE6 with K9 support?

__

Edison.

pener1963 Thu, 08/20/2009 - 06:33

Hi Edison,

Thanks for your post. Here is the output you asked for:

cab2sw2-2fl-2960g#sh ver | i IOS

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, REL EASE SOFTWARE (fc1)

It sure is odd.

Lucien Avramov Thu, 08/20/2009 - 07:13

c2960-lanbasek9-mz.122-25.SEE2.bin

I just tested this image and it works.

Have you configured a domain-name?

Have you created the crypto key?

cry key gen rsa gen mod 1024

You need the both of above in your config first.

pener1963 Thu, 08/20/2009 - 09:24

Yes I created the keys:

cab2sw2-2fl-2960g#sh ip ssh

SSH Enabled - version 1.5

Authentication timeout: 120 secs; Authentication retries: 3

This is getting really wierd now....

And yes the domain name and host name were configured

glen.grant Thu, 08/20/2009 - 09:24

Can't say I have ever seen that if the image is a K9 image thats loaded on any switch . So it doesn't take the transport inpuit command if you do the following?

conf t

line vty 0 15

transport input ssh

pener1963 Thu, 08/20/2009 - 09:40

I got it!!

This what I did:

Recreated the keys and forced the use of version 2 and that did it ....

By default using a 1024 bit key size had me using version 1.99 of ssh

In global config mode I issued a

ip ssh version 2

command and that did it.

I now have the ability to do

transport input ssh

on my vty lines ...

Hurray!!!

glen.grant Thu, 08/20/2009 - 09:57

sounds like a bug , have never had an issue using a 1024 bit key and the transport command.

Edison Ortiz Thu, 08/20/2009 - 10:25

Weird.

Transport input command was available on non-k9 images without any hostname and ssh enabled.

__

Edison.

Actions

This Discussion