05-08-2017 11:51 AM - edited 03-08-2019 10:29 AM
I am using a small home lab and trying to set up SSH on all my devices. I was successful setting it up on my switch, but when I try to SSH from my PC to my 2621XM router I'm getting an error in PuTTY:
SSH protocol version 2 required by our configuration but the server only provides (old, insecure) SSH-1.
I understand that SSH v1 is insecure and I have tried to re-configure using "2" after rsa, but I get an "invalid input" with the marker pointing to the "2" character.
Any tips on how to configure this router to use SSH v2?
Is this 2621XM router even capable of using SSHv2?
Pardon the ignorance, I am a beginner trying to get some well-needed practice here at home with real equipment.
Appreciate any help.
05-09-2017 03:56 AM
I have two 2651XMs. One is running "c2600-adventerprisek9-mz.123-14.T5.bin" and the "ip ssh version 2" command is available; the other is running "c2600-jk9s-mz.123-15.bin" and it is not. Reference the link below, which shows you the command and the versions of code in which it should be available. Unfortunately the trick will be getting your hands on a 2600 IOS, as the routers are EOL.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-i3.html#wp9081909290
Also, if this is only a lab, you can set PuTTY to do SSH v1 easily enough.
05-09-2017 07:06 PM
Hello,
This is the IOS that my 2621XM is running:
"flash:c2600-advsecurityk9-mz.123-9b.bin"
I also already have these other IOS's:
-c3725-adventerprisek9-mz.124-25d
-c7200-adventerprisek9-mz.124-24.T8
-c7200-adventerprisek9-mz.152-4.S3
Not sure if I should try removing it and replacing it with c2691-adventerprisek9-mz.124-25d.
Yes, this is only a lab. If it is possible to set PuTTY to do SSH1, that would make my life a little easier. Could you help me with that? In the meantime I will search how.
Thanks for your help
05-09-2017 07:26 PM
Hi
Unfortunately these IOS's cannot be used on your router. As this router was manufactured a long time ago it does not have support.
If you want to provide strong security, I recommend at least using an access list to control remote access.
The c2691-adventerprisek9-mz.124-25d should not be used on the router.
Please check this link:
http://www.cisco.com/en/US/products/ps6441/products_tech_note09186a00804afba7.shtml
10-31-2017 07:44 AM
Yes, there is a way of configuring PuTTY to use v1: just open PuTTY, then click on SSH on the left-hand side of the connection screen. By default, it is v2 only.
As Julio said above, generating an RSA key with a modulus of 768 or higher should enable support for SSH version 1.99, which is almost always compatible with SSH v2.
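The protocol version a router offers can be read from the identification string it sends when a client connects (RFC 4253 sections 4.2 and 5.1): `SSH-1.5` means SSH-1 only, `SSH-1.99` means both SSH-1 and SSH-2, and `SSH-2.0` means SSH-2 only. The following Python check is an added example, not part of the original thread; the function names and the sample banner strings are constructed for illustration.

```python
import re
import socket
import sys

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments]
_BANNER = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

def classify_banner(line):
    """Return 'v1-only', 'v1+v2', 'v2-only' or 'not-ssh' for one banner line."""
    m = _BANNER.match(line.strip())
    if not m:
        return "not-ssh"
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):   # RFC 4253 section 5.1: server speaks 2.0 and 1.x
        return "v1+v2"
    if major >= 2:
        return "v2-only"
    return "v1-only"                # e.g. 1.5, which PuTTY rejects by default

def read_banner(host, port=22, timeout=5.0):
    """Connect and return the first complete line that starts with 'SSH-'.
    A server may send other text lines before it (RFC 4253 section 4.2)."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            while len(buf) < 4096:
                chunk = sock.recv(256)
                if not chunk:
                    break
                buf += chunk
                for raw in buf.split(b"\n")[:-1]:   # complete lines only
                    text = raw.decode("ascii", "replace").rstrip("\r")
                    if text.startswith("SSH-"):
                        return text
        except socket.timeout:
            pass                    # peer sent nothing usable within the timeout
    return ""

if __name__ == "__main__":
    # Usage: python3 ssh_banner.py <router-ip> [port]
    target = sys.argv[1]
    tcp_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    banner = read_banner(target, tcp_port)
    print(f"{target}: {banner!r} -> {classify_banner(banner)}")
```

A result of `v1-only` matches the PuTTY error quoted in the first post; `v1+v2` or `v2-only` means a client restricted to SSH-2 can connect.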
05-09-2017 10:30 AM
Hi
This router should support SSH v2, but I am not really sure about the IOS. You can try executing the following configuration; this is just an example:
Example:
conf t
username cisco priv 15 pass cisco1
no aaa new-model
ip domain name mydomain.com
ip ssh version 2
ip ssh authen 3
ip ssh time 60
crypto key generate rsa (use 1024)
line vty 0 15 or line vty 0 4
transport input ssh
login local
Hope it is useful
:-)
05-09-2017 06:57 PM
Hello Julio,
I entered those commands and got as far as the 4th line (ip ssh version 2) and got this:
R1(config)#ip ssh version 2
^
% Invalid input detected at '^' marker.
which makes me think that this router's IOS doesn't allow SSH2.
This is the show ver:
-c3725-adventerprisek9-mz.124-25d
-c7200-adventerprisek9-mz.124-24.T8
-c7200-adventerprisek9-mz.152-4.S3
Not sure if any of these will do???
Thanks for your help!
09-24-2017 08:21 AM
Hi
That IOS should be able to configure SSH ver 2. Could you please run show ip ssh? It will show the version.
11-05-2017 12:07 PM - edited 11-05-2017 12:08 PM
Hello
What is the output of show ip ssh?
If you don't even get as far as ssh, then it seems to suggest that the IOS does not support the protocol.
res
Paul