Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSH catalyst switch

Hi All,

Planning to implement the access for Catalyst switch using shh. FYI, current IOS version - Version 12.2(25)EWA8. does it support for ssh?what consideration is necessary once doing this?what version is not support of using ssh?

Many thanks.

-sam

  • LAN Switching and Routing
8 REPLIES
Hall of Fame Super Gold

Re: SSH catalyst switch

You need to have the Crypto IOS and in the following config:

line vty 0 15

transport input ssh telnet

line cons 0

transport input ssh telnet

Hope this helps.

New Member

Re: SSH catalyst switch

what do you mean by Crypto IOS?anyway Version 12.2(25)EWA8 supports IOS for crypto (ssh) ?

Thanks for prompting response.

Blue

Re: SSH catalyst switch

Sam:

You have to look at the IOS feature set, not just the version.

For example, you can have IOS version 12.2(35) that is running ipbase or ipbasek9.

Execute a "show verion" command from your router's prompt to see which version and feature set are running.

HTH

Victor

New Member

Re: SSH catalyst switch

...and of course specify local username & password if you not using tacacs/ Radius and then generate RSA keys. Also specify logon local if above is used

crypto key generate rsa modulas 1024

Bronze

Re: SSH catalyst switch

Hi Sam,

To use ssh you need to do following

1. Confgiure hostname and domain name on switch

2. start aaa ( aaa new-model cmd this will allow to use local users to login via ssh if no tacacs is configure )

3. Generate rsa key ( crypto key generate rsa )

4. Enable SSH transport support ( transport input ssh ) at VTY lines

HTH

Raj

Purple

Re: SSH catalyst switch

Do dir flash: or dir bootflash: depending on model and look at the imagename if it does "not" have a "k9" somewhere in the imagename it is not a crypto version and you will have to change your code to get the SSH feature .

Bronze

Re: SSH catalyst switch

Sam,

Do a "dir" at the command line. Copy the .bin file and then paste that into the Cisco IOS feature navigator.

Choose "search by image"

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

Paste in the .bin file name.

Within the search results you should see:

Secure Shell version 1 server

Secure Shell version 1 client

Secure Shell version 2 server

Secure Shell version 2 client

The "server" feature allows you to SSH using PUTTY (or some other ssh client) to connect to the switch.

The "client" feature allows you to SSH from the SWITCH to another SSH server (like from switch to switch).

Requirements for SSH:

Local password database

username test password cisco

username test secret cisco

Authentication on VTY lines

login local

OR

AAA Authentication

aaa new-model

aaa authentication login default local

aaa authentication enable default enable

VTY lines configured for SSH

transport input ssh

Create crypto keys

crypto gen key rsa gen Lable SSH_Keys mod 1024

*Hostname and Domain* are ONLY required if you don't label the keys.

"sh ip ssh" will show you the version of SSH.

Version 1.5 = SSHv1 only

Version 1.99 = SSHv1 & SSHv2

Version 2.0 = SSHv2 only

New Member

Re: SSH catalyst switch

Hi All,

Many Thanks for help.

Rgds,

sam

234
Views
0
Helpful
8
Replies