Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

3 question about cisco 2960

Hello,

we have a cisco 2960 48 port tcl switch port and i've enable ssh on my switch and now :

1) how can i login to ssh ? how should create username for ssh ?

2) how can i disable telnet ?

3) how can i change main (master) password?

THanks,

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

3 question about cisco 2960

Hi,

1) You will need to configure a non-default hostname and domain name and then create the RSA keypair that will be used by the SSH. Enter these commands in the global configuration mode:

hostname MyHostname

ip domain-name my.domain.com

crypto key generate rsa general-keys modulus 1024

line vty 0 15

login local

exit

username SomeUser secret HisPassword

The first two commands set up the hostname and domain name. The third command generates a RSA keypair. The fourth to sixth commands activate the user-based authentication for all remote accesses including Telnet and SSH (i.e. you will need to log in using both username and password, not just a password). The last command defines a new user. You may use it repeatedly to define multiple users or to redefine their passwords.

Please feel free to replace the MyHostname and my.domain.com with real hostname and domain name.

2) Enter the following commands in the global configuration mode after you have confirmed you are able to login to the switch using SSH:

line vty 0 15

transport input ssh

end

3) There is no "master password" but if you are referring to the password requested after entering the enable command then this password can be set using the following global configuration command:

enable secret NewPasswordForPrivilegedMode

Best regards,

Peter

7 REPLIES
Cisco Employee

3 question about cisco 2960

Hi,

1) You will need to configure a non-default hostname and domain name and then create the RSA keypair that will be used by the SSH. Enter these commands in the global configuration mode:

hostname MyHostname

ip domain-name my.domain.com

crypto key generate rsa general-keys modulus 1024

line vty 0 15

login local

exit

username SomeUser secret HisPassword

The first two commands set up the hostname and domain name. The third command generates a RSA keypair. The fourth to sixth commands activate the user-based authentication for all remote accesses including Telnet and SSH (i.e. you will need to log in using both username and password, not just a password). The last command defines a new user. You may use it repeatedly to define multiple users or to redefine their passwords.

Please feel free to replace the MyHostname and my.domain.com with real hostname and domain name.

2) Enter the following commands in the global configuration mode after you have confirmed you are able to login to the switch using SSH:

line vty 0 15

transport input ssh

end

3) There is no "master password" but if you are referring to the password requested after entering the enable command then this password can be set using the following global configuration command:

enable secret NewPasswordForPrivilegedMode

Best regards,

Peter

New Member

3 question about cisco 2960

thanks lot,.

New Member

3 question about cisco 2960

just a question i enter

crypto key generate rsa and create a 512bit key now if i reenter crypto key generate rsa general-keys modulus 1024 the key will change to 1024 right? without any problem?

Thanks,

Cisco Employee

3 question about cisco 2960

Yes, Farshid. It will generate the new keys. But your active sessions may get kill.

Cheers,

-amit singh

Hall of Fame Super Gold

3 question about cisco 2960

If you need SSH make sure your IOS supports CRYPTO. 

Cisco Employee

3 question about cisco 2960

Dear friends,

Regarding the shorter RSA keypair of 512 bits, I recently answered to another thread here where the original poster complained about the inability of starting SSHv2 although he has generated a keypair of appropriate bit length. We eventually discovered that he originally created a short keypair and subsequently generated the new, longer keypair. The device therefore had two RSA keypairs created. However, the SSH was still using the short keypair and therefore it refused to run in SSHv2 mode.

The easiest solution to this problem was to erase all RSA keypairs and then create a new single keypair that will be of proper length. This is also what I suggest doing: erasing all RSA keys and then generating a new keypair using these global config level commands:

crypto key zeroize rsa

crypto key generate rsa general-keys modulus 1024

Best regards,

Peter

Hall of Fame Super Gold

3 question about cisco 2960

crypto key zeroize rsa

Thanks Peter.

Learn something new everyday. 

5155
Views
5
Helpful
7
Replies
CreatePlease to create content