Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2074
Views
5
Helpful
7
Replies

ssh problem

Go to solution
cventicinque
Level 1
Level 1

‎01-28-2006 05:24 AM - edited ‎03-05-2019 11:46 AM

Hello,

I am trying to configure ssh on my router. I followed this guide:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7d5.html#93454

However, when putty attempts to connect, I get refused. I am sure my username and password are correct. Here is my config, pls take a look and tell me if you see something wrong.

Thank You!

Current configuration : 1882 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname xxxxxxxxx

!

enable secret 5 xxxxxxxxxxxx

!

username xxxxxxx password 7 xxxxxxx

ip subnet-zero

no ip source-route

ip domain-name xxxx

!

no ip bootp server

!

!

!

!

interface Ethernet0

ip address dhcp

no ip proxy-arp

ip nat outside

no cdp enable

!

interface Ethernet1

ip address 192.168.1.1 255.255.255.0

no ip proxy-arp

ip nat inside

no cdp enable

!

ip nat inside source list 1 interface Ethernet0 overload

ip nat inside source static tcp 192.168.1.101 6881 interface Ethernet0 6881

ip nat inside source static udp 192.168.1.101 6881 interface Ethernet0 6881

ip nat inside source static tcp 192.168.1.101 6112 interface Ethernet0 6112

ip nat inside source static tcp 192.168.1.101 3724 interface Ethernet0 3724

ip nat inside source static udp 192.168.1.101 2934 interface Ethernet0 2934

ip nat inside source static udp 192.168.1.101 2935 interface Ethernet0 2935

ip classless

ip route 0.0.0.0 0.0.0.0 xxxxxxxxxx 254

no ip http server

!

access-list 1 permit 192.168.1.0 0.0.0.255

no cdp run

banner login ^CC

WARNING!!!

This system is soley for the use of authorized users for official purposes.

You have no expectation of privacy in its use and to ensure that the system

is functioning properly, individuals using this computer system are subject

to having all of their activities monitored and recorded by system

personnel. Use of this system evidences an express consent to such

monitoring and agreement that if such monitoring reveals evidence of

possible abuse or criminal activity, system personnel may provide the

results of such monitoring to appropriate officials.

^C

!

line con 0

password 7 xxxxxxxxxxx

login

line vty 0 4

exec-timeout 0 1

password 7 xxxxxxxxxxxxx

login

!

end

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to cventicinque

‎01-29-2006 01:44 PM

Chris

Thanks for providing the additional information. It does make clear that there is a real problem and I believe that it provides a good clue about what the problem is. I see in the screen shot that putty is sending a username and password. Is the username and password configured in the router like this:

username xxxxxxx password 7 xxxxxxx

the name and password that putty is sending?

I believe that the problem now is that the router is expecting to authenticate with the line password configured on the vty ports and rejects the name sent by putty. I believe that if you configure this:

line vty 0 4

login local

that this should solve the problem since it will instruct the router to authenticate with a locally configured userID and password.

As a side note, even though the exec-timeout was not the primary problem I believe that it would have become a problem after you got the authentication issue resolved.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Bobby Thekkekandam
Cisco Employee
Cisco Employee

‎01-28-2006 10:07 AM

Hi,

I don't see any ssh commands configured in your configuration...

What message do you see on your putty client when trying to ssh to the router?

also, can you post a "show ip ssh" and "show ssh"

thanks,

Bobby

0 Helpful

Go to solution
cventicinque
Level 1
Level 1
In response to Bobby Thekkekandam

‎01-28-2006 02:07 PM

Hello,

Thanks for your reply.

I do get a response from putty so, I believe it is working. Here is what you asked for:

1605r#sh ip ssh

SSH Enabled - version 1.5

Authentication timeout: 120 secs; Authentication retries: 3

1605r#sh ssh

%No SSH server connections running.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to cventicinque

‎01-29-2006 05:47 AM

Is it that putty is failing or is it that your session is immediately terminated, which would look kind of like a failure. You have this in the config:

line vty 0 4

exec-timeout 0 1

which says that after 1 second of inactivity your session will be terminated.

I suggest that you change the exec-timeout to something reasonable and try again. If ssh is still not working it would be helpful if you would post the output that you get when you attempt to connect.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
cventicinque
Level 1
Level 1
In response to Richard Burts

‎01-29-2006 07:34 AM

I enterer "no exec-timeout" in the router. Sh run now reads this way: exec-timeout 0 0

Here is a screen shot of my putty session:

http://img14.imagevenue.com/img.php?loc=loc203ℑ=abcb5_ssh_putty.JPG

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to cventicinque

‎01-29-2006 01:44 PM

Chris

Thanks for providing the additional information. It does make clear that there is a real problem and I believe that it provides a good clue about what the problem is. I see in the screen shot that putty is sending a username and password. Is the username and password configured in the router like this:

username xxxxxxx password 7 xxxxxxx

the name and password that putty is sending?

I believe that the problem now is that the router is expecting to authenticate with the line password configured on the vty ports and rejects the name sent by putty. I believe that if you configure this:

line vty 0 4

login local

that this should solve the problem since it will instruct the router to authenticate with a locally configured userID and password.

As a side note, even though the exec-timeout was not the primary problem I believe that it would have become a problem after you got the authentication issue resolved.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
cventicinque
Level 1
Level 1
In response to Richard Burts

‎01-29-2006 03:36 PM

login local was the fix

Thank You Very Much!!!

I have setup ssh on cisco devices at work but, there we have TACACS so, I assume the login local command is not needed?

I appreciate your time and effort!

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to cventicinque

‎01-29-2006 04:20 PM

Chris

I am glad that we were able to resolve your issue.

TACACS and "login local" on vty are mutually exclusive. TACACS requires configuration of aaa. And when you configure aaa you can not configure login local on the vty. There is an option within aaa to use the local configured userID and password similar to what you have done, but it is not possible to configure login local on the vty if aaa is configured. So at work you configure aaa to use TACACS and can not use login local. And on this router you configure login local and do not use aaa.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card