01-28-2006 05:24 AM - edited 03-05-2019 11:46 AM
Hello,
I am trying to configure ssh on my router. I followed this guide:
However, when putty attempts to connect, I get refused. I am sure my username and password are correct. Here is my config, please take a look and tell me if you see something wrong.
Thank You!
Current configuration : 1882 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxxxxx
!
enable secret 5 xxxxxxxxxxxx
!
username xxxxxxx password 7 xxxxxxx
ip subnet-zero
no ip source-route
ip domain-name xxxx
!
no ip bootp server
!
!
!
!
interface Ethernet0
ip address dhcp
no ip proxy-arp
ip nat outside
no cdp enable
!
interface Ethernet1
ip address 192.168.1.1 255.255.255.0
no ip proxy-arp
ip nat inside
no cdp enable
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.101 6881 interface Ethernet0 6881
ip nat inside source static udp 192.168.1.101 6881 interface Ethernet0 6881
ip nat inside source static tcp 192.168.1.101 6112 interface Ethernet0 6112
ip nat inside source static tcp 192.168.1.101 3724 interface Ethernet0 3724
ip nat inside source static udp 192.168.1.101 2934 interface Ethernet0 2934
ip nat inside source static udp 192.168.1.101 2935 interface Ethernet0 2935
ip classless
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxx 254
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
banner login ^CC
WARNING!!!
This system is soley for the use of authorized users for official purposes.
You have no expectation of privacy in its use and to ensure that the system
is functioning properly, individuals using this computer system are subject
to having all of their activities monitored and recorded by system
personnel. Use of this system evidences an express consent to such
monitoring and agreement that if such monitoring reveals evidence of
possible abuse or criminal activity, system personnel may provide the
results of such monitoring to appropriate officials.
^C
!
line con 0
password 7 xxxxxxxxxxx
login
line vty 0 4
exec-timeout 0 1
password 7 xxxxxxxxxxxxx
login
!
end
01-28-2006 10:07 AM
Hi,
I don't see any ssh commands configured in your configuration...
What message do you see on your putty client when trying to ssh to the router?
Also, can you post a "show ip ssh" and "show ssh"?
thanks,
Bobby
01-28-2006 02:07 PM
Hello,
Thanks for your reply.
I do get a response from putty, so I believe it is working. Here is what you asked for:
1605r#sh ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
1605r#sh ssh
%No SSH server connections running.
01-29-2006 05:47 AM
Is it that putty is failing or is it that your session is immediately terminated, which would look kind of like a failure? You have this in the config:
line vty 0 4
exec-timeout 0 1
which says that after 1 second of inactivity your session will be terminated.
I suggest that you change the exec-timeout to something reasonable and try again. If ssh is still not working it would be helpful if you would post the output that you get when you attempt to connect.
HTH
Rick
01-29-2006 07:34 AM
I entered "no exec-timeout" in the router. Sh run now reads this way: exec-timeout 0 0
Here is a screen shot of my putty session:
http://img14.imagevenue.com/img.php?loc=loc203&image=abcb5_ssh_putty.JPG
01-29-2006 01:44 PM
Chris
Thanks for providing the additional information. It does make clear that there is a real problem and I believe that it provides a good clue about what the problem is. I see in the screen shot that putty is sending a username and password. Is the username and password configured in the router like this:
username xxxxxxx password 7 xxxxxxx
the name and password that putty is sending?
I believe that the problem now is that the router is expecting to authenticate with the line password configured on the vty ports and rejects the name sent by putty. I believe that if you configure this:
line vty 0 4
login local
that this should solve the problem since it will instruct the router to authenticate with a locally configured userID and password.
As a side note, even though the exec-timeout was not the primary problem I believe that it would have become a problem after you got the authentication issue resolved.
HTH
Rick
01-29-2006 03:36 PM
login local was the fix
Thank You Very Much!!!
I have set up ssh on Cisco devices at work, but there we have TACACS, so I assume the login local command is not needed?
I appreciate your time and effort!
01-29-2006 04:20 PM
Chris
I am glad that we were able to resolve your issue.
TACACS and "login local" on vty are mutually exclusive. TACACS requires configuration of aaa. And when you configure aaa you can not configure login local on the vty. There is an option within aaa to use the local configured userID and password similar to what you have done, but it is not possible to configure login local on the vty if aaa is configured. So at work you configure aaa to use TACACS and can not use login local. And on this router you configure login local and do not use aaa.
HTH
Rick
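Added example (not part of any post in this thread, and not Cisco tooling): a small Python check over a running-config that flags the two vty problems discussed above, a plain "login" on the vty when aaa is not configured, and an exec-timeout that is disabled or too short to use. The sample config, the finding codes and the 60-second floor are assumptions of this example.

```python
import re

# Constructed sample modelled on the line sections posted in this thread.
SAMPLE = """\
username admin password 7 xxxxxxx
line con 0
 password 7 xxxxxxxxxxx
 login
line vty 0 4
 exec-timeout 0 1
 password 7 xxxxxxxxxxxxx
 login
!
end
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to the commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("line "):
            current = line if line.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif line in ("", "!", "end"):
            current = None          # a separator closes the block
        elif current:
            blocks[current].append(line)
    return blocks

def audit(config):
    """Return (header, code) findings; the codes are this example's own labels."""
    lines = [l.strip() for l in config.splitlines()]
    aaa = "aaa new-model" in lines   # with aaa, 'login local' on the vty does not apply
    has_user = any(l.startswith("username ") for l in lines)
    findings = []
    for header, body in vty_blocks(config).items():
        if not aaa and "login local" in body and not has_user:
            findings.append((header, "LOGIN_LOCAL_WITHOUT_USER"))
        elif not aaa and "login" in body:   # line password only, SSH username refused
            findings.append((header, "LINE_PASSWORD_LOGIN"))
        for cmd in body:
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
            if m:
                secs = int(m.group(1)) * 60 + int(m.group(2) or 0)
                if secs < 60:       # 60 s floor is this example's assumption
                    code = "TIMEOUT_DISABLED" if secs == 0 else "TIMEOUT_TOO_SHORT"
                    findings.append((header, code))
    return findings
```

Calling audit(SAMPLE) reports both problems on "line vty 0 4"; after changing the vty to "login local" with a usable exec-timeout, the list is empty.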