ssh not working - Cisco 2960

Answered Question
May 23rd, 2011

I have 2 Cisco 2960s which have to have the vty lines configured for ssh. I will call the switches Switch 1 and Switch 2. AAA/ssh config has been added to both switches and SSH only works on Switch 1. I can successfully access Switch 2 using telnet but not ssh. I have been through the config and can see no differences.

I have updated the IOS to 12.2-58 SE1 and it was previously on 12.2-44 SE6 and this has made no difference. I have removed the config and put the config from Switch 1 (the one that ssh works on) and I get the same response. When using ssh I get a "Network Error - Connection Refused" msg.

The hardware revisions are exactly the same between the switches, as were the IOS's before I upgraded Switch 2.

I have enabled debugging and can see no output when accessing Switch 2 via ssh; I do see output when using telnet. I have removed the acl that was attached to the vty lines and the result is the same. Config below:

aaa new-model
!
aaa group server tacacs+ Group1
 server x.x.x.x
 server y.y.y.y
!
aaa authentication login VTY_Admin group tacacs+ none
aaa authentication login CON_Admin group Group1 line local
aaa authentication enable default group Group1 enable
aaa authorization exec default group Group1 if-authenticated
aaa authorization commands 15 default group Group1 if-authenticated
aaa authorization network default group Group1 if-authenticated
aaa accounting exec default start-stop group Group1
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group Group1
aaa accounting network default start-stop group Group1
!
aaa session-id common
tacacs-server host x.x.x.x
tacacs-server host y.y.y.y single-connection
tacacs-server directed-request
tacacs-server key xxxxxxxx

line vty 0 4
 exec-timeout 5 0
 password cisco
 logging synchronous
 login authentication VTY_Admin
 transport input ssh telnet
line vty 5 15
 password cisco
 login authentication VTY_Admin
 transport input ssh telnet

If anyone has any suggestions it would be much appreciated.

Antonio Knox Mon, 05/23/2011 - 07:59

Make sure that you are running a k9 software version like:

c2960-lanlitek9-mz.122-58.SE1.bin

This should allow you to enable SSHv1 (SSHv2 with 1024-bit key) on the switch.

Please rate if helpful.

Correct Answer
Cadet Alain Mon, 05/23/2011 - 08:18

Is the ssh server activated on your switch? Can you run these commands: sh ip ssh and sh crypto key mypubkey rsa? Are you seeing something in the output?

Regards.

Alain.

glen.grant Mon, 05/23/2011 - 12:32

Did you create the keys on both? "show crypto key my rsa".

nathan.m.curry Mon, 05/23/2011 - 14:00

I bet it was what glen.grant was saying. You probably need to run:

crypto key generate rsa

f.sorrentino Mon, 05/23/2011 - 23:22

Thanks for the responses. Shortly after my post I found that I had not generated the RSA key.

ssh is now up and running on both.

Thanks
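
An added example (not part of the thread and not Cisco tooling): a Python pre-flight check for the two causes raised in the replies, a non-k9 image and an SSH server that is disabled because no RSA key exists, plus the vty transport setting. It also flags the telnet transport and the `none` fallback visible in the posted config. The `show ip ssh` text and config excerpt are constructed samples, and `ssh_preflight` is a hypothetical helper name.

```python
import re

# Constructed sample inputs (not captured from the thread's switches).
SHOW_IP_SSH_NO_KEY = """SSH Disabled - version 1.99
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication timeout: 120 secs; Authentication retries: 3
"""
SHOW_IP_SSH_OK = """SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
"""
RUNNING_CONFIG = """aaa authentication login VTY_Admin group tacacs+ none
line vty 0 4
 login authentication VTY_Admin
 transport input ssh telnet
line vty 5 15
 login authentication VTY_Admin
 transport input ssh telnet
"""

def ssh_preflight(image, show_ip_ssh, running_config):
    """Return (severity, message) findings for SSH access on the vty lines."""
    findings = []
    # 1. SSH needs a crypto (k9) image, as in c2960-lanlitek9-mz.122-58.SE1.bin.
    if "k9" not in image.lower():
        findings.append(("blocker", "image is not a k9 (crypto) build"))
    # 2. The SSH server stays disabled until an RSA key pair exists.
    state = re.search(r"^SSH (Enabled|Disabled)", show_ip_ssh, re.M)
    if not state or state.group(1) == "Disabled":
        findings.append(("blocker", "SSH server disabled: generate an RSA key pair"))
    # 3. Walk the config, tracking which 'line vty' block a sub-command is in.
    current = None
    for raw in running_config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = line if line.startswith("line vty") else None
        elif current and line.startswith("transport input"):
            protos = line.split()[2:]
            if "ssh" not in protos and "all" not in protos:
                findings.append(("blocker", f"{current}: ssh not in transport input"))
            if "telnet" in protos or "all" in protos:
                findings.append(("weak", f"{current}: telnet still accepted"))
    # 4. A trailing 'none' lets logins through when the earlier methods error out.
    pattern = r"^aaa authentication login (\S+) .*\bnone\s*$"
    for m in re.finditer(pattern, running_config, re.M):
        findings.append(("weak", f"method list {m.group(1)} falls back to 'none'"))
    return findings
```

A "blocker" finding explains a refused connection like the one in this thread; "weak" findings do not stop SSH from working but are worth cleaning up once it does.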

Posted May 23, 2011 at 7:02 AM