Cisco Support Community

New Member

ssh not working - Cisco 2960

I have 2 Cisco 2960s which have to have the vty lines configured for ssh. I will call the switches Switch 1 and Switch 2. AAA/ssh config has been added to both switches and SSH only works on Switch 1. I can successfully access Switch 2 using telnet but not ssh. I have been through the config and can see no differences.

I have updated the IOS to 12.2-58 SE1 (it was previously on 12.2-44 SE6) and this has made no difference. I have removed the config and put the config from Switch 1 (the one that ssh works on) and I get the same response. When using ssh I get a "Network Error - Connection Refused" message.

The hardware revisions are exactly the same between the switches, as were the IOS versions before I upgraded Switch 2.

I have enabled debugging and can see no output when accessing Switch 2 via ssh; I do see output when using telnet. I have removed the ACL that was attached to the vty lines and the result is the same. Config below:

aaa new-model
!
aaa group server tacacs+ Group1
 server x.x.x.x
 server y.y.y.y
!
aaa authentication login VTY_Admin group tacacs+ none
aaa authentication login CON_Admin group Group1 line local
aaa authentication enable default group Group1 enable
aaa authorization exec default group Group1 if-authenticated
aaa authorization commands 15 default group Group1 if-authenticated
aaa authorization network default group Group1 if-authenticated
aaa accounting exec default start-stop group Group1
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group Group1
aaa accounting network default start-stop group Group1
!
aaa session-id common
tacacs-server host x.x.x.x
tacacs-server host y.y.y.y single-connection
tacacs-server directed-request
tacacs-server key xxxxxxxx
line vty 0 4
 exec-timeout 5 0
 password cisco
 logging synchronous
 login authentication VTY_Admin
 transport input ssh telnet
line vty 5 15
 password cisco
 login authentication VTY_Admin
 transport input ssh telnet

If anyone has any suggestions it would be much appreciated.

Accepted Solutions
Purple

Re: ssh not working - Cisco 2960

Is the ssh server activated on your switch? Can you run these commands: sh ip ssh and sh crypto key mypubkey rsa? Are you seeing something in the output?

Regards.

Alain.

Don't forget to rate helpful posts.
5 REPLIES

Re: ssh not working - Cisco 2960

Make sure that you are running a k9 software version like:

c2960-lanlitek9-mz.122-58.SE1.bin

This should allow you to enable SSHv1 (SSHv2 with 1024-bit key) on the switch.

Please rate if helpful.

Purple

Re: ssh not working - Cisco 2960

Did you create the keys on both? "show crypto key my rsa".

New Member

Re: ssh not working - Cisco 2960

I bet it was what glen.grant was saying. You probably need to run:

crypto key generate rsa

New Member

Re: ssh not working - Cisco 2960

Thanks for the responses. Shortly after my post I found that I had not generated the RSA key.

ssh is now up and running on both.

Thanks
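
The checks suggested in the replies (k9 image, sh ip ssh, RSA keys), scripted as an added Python example that is not part of the thread and not Cisco code. The function name audit_ssh and the sample data are constructed, and the "SSH Enabled"/"SSH Disabled" first line of sh ip ssh output is an assumed format; the script also flags two weaknesses visible in the posted config: vty lines that still accept telnet and a login method list ending in none.

```python
import re

def audit_ssh(image, show_ip_ssh, running_config):
    """Return findings that explain a refused SSH connection or weak vty access."""
    findings = []
    # Only crypto ("k9") images include the SSH server.
    if "k9" not in image.lower():
        findings.append("image is not a k9 build: no SSH server available")
    # Assumed format: first line of 'sh ip ssh' reads 'SSH Enabled ...' or 'SSH Disabled ...'.
    if not show_ip_ssh.lstrip().lower().startswith("ssh enabled"):
        findings.append("SSH server disabled: check for an RSA key pair "
                        "('crypto key generate rsa')")
    vty = None  # the 'line vty' block currently being read, if any
    for raw in running_config.splitlines():
        line = raw.strip()
        if line.startswith("line "):
            vty = line if line.startswith("line vty") else None
        elif vty and line.startswith("transport input"):
            protos = line.split()[2:]
            if "telnet" in protos or "all" in protos:
                findings.append(f"{vty}: telnet still accepted ({line})")
        # A method list ending in 'none' admits logins without credentials
        # when the TACACS+ servers do not answer.
        m = re.match(r"aaa authentication login (\S+) .*\bnone$", line)
        if m:
            findings.append(f"login method list {m.group(1)} ends in 'none'")
    return findings

# Constructed sample data, modelled on Switch 2 before the RSA key was generated.
SAMPLE_IMAGE = "c2960-lanlitek9-mz.122-58.SE1.bin"  # image name quoted in the thread
SAMPLE_SHOW_IP_SSH = "SSH Disabled - version 1.99\n"  # constructed output
SAMPLE_CONFIG = """\
aaa authentication login VTY_Admin group tacacs+ none
line con 0
line vty 0 4
 login authentication VTY_Admin
 transport input ssh telnet
line vty 5 15
 login authentication VTY_Admin
 transport input ssh telnet
"""

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_IMAGE, SAMPLE_SHOW_IP_SSH, SAMPLE_CONFIG):
        print("-", finding)
```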
