11-16-2010 08:43 AM - edited 03-06-2019 02:04 PM
Configuring SSH access is a pretty basic thing, so I'm guessing there is probably a problem with the software I'm running. Router is a Cisco 1841.
Show version:
NKYLEXRTR02#show ver
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(25c), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 11-Feb-10 22:49 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
NKYLEXRTR02 uptime is 40 minutes
System returned to ROM by power-on
System image file is "flash:c1841-advsecurityk9-mz.124-25c.bin"
Cisco 1841 (revision 4.1) with 115712K/15360K bytes of memory.
2 FastEthernet interfaces
1 Serial interface
1 terminal line
2 Channelized T1/PRI ports
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62592K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Has a domain, hostname, and IP addresses configured. Crypto keys have been generated.
show ip ssh:
NKYLEXRTR02#show ip ssh
SSH Disabled - version 2.0
%Please create RSA keys (of atleast 768 bits size) to enable SSH v2.
Authentication timeout: 60 secs; Authentication retries: 2
Am I not running the right IOS for ssh access?
11-16-2010 09:11 AM
You need to generate your SSH key
Router(config)# crypto key generate rsa |
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfssh.html#wp1000876
11-16-2010 09:13 AM
As I mentioned in my first post, I have already done that.
11-16-2010 11:18 AM
Christopher
I can answer your immediate question. The Advanced Security feature set on the 1841 should run SSH just fine. We have lots of 1841s with that feature set and they have no problems with SSH.
I know that you say that you have generated the key. But the error message in your post is pretty clear that the router does not believe that it has a valid crypto key. to check this out you might try using the command
show crypto key mypubkey rsa
Is it possible that the name of the router has been changed since the key was generated? I know from experience that this is something that will make a generated key become invalid.
Given the error message, I would suggest that you generate crypto keys (again) and see if that helps.
HTH
Rick
11-16-2010 11:27 AM
I ended up figuring this out, sorry - should have posted back. When I checked, the key was there and the modulus was fine. I ended up zero'ing them out and re-generating them and it still did not work. I zeroed them out one more time, and generated a usage-key... this fixed it.
generate rsa usage-keys label SSH modulus 1024
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide