ssh not working - Cisco 2960

f.sorrentino
Level 1

I have 2 Cisco 2960's which have to have the vty lines configured for ssh. I will call the switches Switch 1 and Switch 2.  AAA/ssh config has been added to both switches and SSH only works on switch 1.  I can successfully access the switch 2 using telnet but not ssh.  I have been through the config and can see no differences.

I have updated the IOS to 12.2-58 SE1 and it was previously on 12.2-44 SE6 and this has made no difference. I have removed the config and put the config from Switch 1 (the one that ssh works on) and I get the same response. When using ssh I get a "Network Error - Connection Refused" msg.

The hardware revisions are exactly the same between the switches, as were the IOS's before I upgraded Switch 2.

I have enabled debugging and can see no output when accessing Switch 2 via ssh; I do see output when using telnet. I have removed the acl that was attached to the vty lines and the result is the same. Config below:

aaa new-model
!
aaa group server tacacs+ Group1
 server x.x.x.x
 server y.y.y.y
!
aaa authentication login VTY_Admin group tacacs+ none
aaa authentication login CON_Admin group Group1 line local
aaa authentication enable default group Group1 enable
aaa authorization exec default group Group1 if-authenticated
aaa authorization commands 15 default group Group1 if-authenticated
aaa authorization network default group Group1 if-authenticated
aaa accounting exec default start-stop group Group1
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group Group1
aaa accounting network default start-stop group Group1
!
aaa session-id common
!
tacacs-server host x.x.x.x
tacacs-server host y.y.y.y single-connection
tacacs-server directed-request
tacacs-server key xxxxxxxx
!
line vty 0 4
 exec-timeout 5 0
 password cisco
 logging synchronous
 login authentication VTY_Admin
 transport input ssh telnet
line vty 5 15
 password cisco
 login authentication VTY_Admin
 transport input ssh telnet

If anyone has any suggestions it would be much appreciated.

Accepted Solution

cadet alain
VIP Alumni

Is ssh server activated on your switch? Can you do these commands sh ip ssh and sh crypto key mypubkey rsa, are you seeing something in the output?

Regards.

Alain.

Don't forget to rate helpful posts.

6 Replies

Antonio Knox
Level 7

Make sure that you are running a k9 software version like:

c2960-lanlitek9-mz.122-58.SE1.bin

This should allow you to enable SSHv1 (SSHv2 with 1024-bit key) on the switch.

Please rate if helpful.

Did you create the keys on both? "show crypto key my rsa".

I bet it was what glen.grant was saying. You probably need to run:

crypto key generate rsa

Thanks for the responses. Shortly after my post I found that I had not generated the RSA key.

ssh is now up and running on both.

Thanks

iamshahab
Level 1
I faced a similar issue. It got resolved by the following steps.

1. enable SSH V2.
2. adding ip domain-name.
3. generating crypto key RSA 1024.
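
The checks raised across this thread (k9 image, domain name, SSH version, RSA keys, vty transport) can be run over text captured from a switch. The following is an added example, not part of any post above and not Cisco tooling; the function name, the sample config, the `example.invalid` domain and the `show ip ssh` text are constructed for illustration.

```python
import re

def audit_ssh_readiness(running_config, image_name, show_ip_ssh):
    """List reasons an IOS switch may refuse SSH, from text captured off the device."""
    findings = []
    # SSH is only present in crypto (k9) images.
    if "k9" not in image_name.lower():
        findings.append("image is not a k9 build")
    # The RSA key pair is named hostname.domain, so a domain name must exist first.
    if not re.search(r"^ip domain[- ]name \S+", running_config, re.M):
        findings.append("ip domain-name missing")
    if not re.search(r"^ip ssh version 2\b", running_config, re.M):
        findings.append("ip ssh version 2 missing")
    # The key pair never appears in the running-config, which is why two
    # switches can have identical configs and only one accepts SSH.
    if not re.search(r"^SSH Enabled", show_ip_ssh, re.M):
        findings.append("SSH server disabled: run 'crypto key generate rsa'")
    # Inspect the transport line of every vty block.
    for m in re.finditer(r"^line vty (\d+ \d+)\n((?:[ \t]+.*\n?)*)", running_config, re.M):
        t = re.search(r"transport input (.+)", m.group(2))
        protos = set(t.group(1).split()) if t else set()
        if t and not protos & {"ssh", "all"}:
            findings.append(f"vty {m.group(1)}: ssh not permitted")
        if protos & {"telnet", "all"}:
            findings.append(f"vty {m.group(1)}: telnet (cleartext) still permitted")
    return findings

IMAGE = "c2960-lanlitek9-mz.122-58.SE1.bin"  # image name quoted in the thread

# Constructed sample: Switch 2 as described, before the RSA key was generated.
BEFORE_CONFIG = """hostname Switch2
line vty 0 4
 login authentication VTY_Admin
 transport input ssh telnet
line vty 5 15
 login authentication VTY_Admin
 transport input ssh telnet
"""
BEFORE_SSH = "SSH Disabled - version 1.99\n"  # constructed 'show ip ssh' text

# Constructed sample: the same switch after the steps listed in the last reply.
AFTER_CONFIG = """hostname Switch2
ip domain-name example.invalid
ip ssh version 2
line vty 0 15
 login authentication VTY_Admin
 transport input ssh
"""
AFTER_SSH = "SSH Enabled - version 2.0\n"  # constructed 'show ip ssh' text

if __name__ == "__main__":
    for finding in audit_ssh_readiness(BEFORE_CONFIG, IMAGE, BEFORE_SSH):
        print(finding)
```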