Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Can't login via ssh, Cisco Catalyst 3560.

Hi all.

Im trying to login to my switch via ssh from a unix term (OS X) but i fail. Tried this:

ssh admin@10.0.5.140

ssh -c des -l admin 10.0.5.140

None workes. Turned on debugging and found:

000247: 3d23h: SSH1: sent protocol version id SSH-1.99-Cisco-1.25

000248: 3d23h: SSH1: protocol version id is - SSH-2.0-OpenSSH_4.5

000249: Jun 27 22:01:19: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.0.5.140 (tty = 1) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Succeeded

000250: Jun 27 22:01:26: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 10.0.5.140 (tty = 1) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Failed

000251: Jun 27 22:01:26: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.0.5.140 (tty = 1) for user '' using crypto cipher 'aes128-cbc', hmac 'hmac-md5' closed

000252: 3d23h: SSH1: Session disconnected - error 0x00

It seems that the switch didn't catch my username but i can't figure out why. All help apreciated.

Thx.

p

5 REPLIES
Cisco Employee

Re: Can't login via ssh, Cisco Catalyst 3560.

"ssh -l cse 10.32.15.1" works for me from OS X 10.4.10. What does your switch config look like? What version of IOS are you running?

New Member

Re: Can't login via ssh, Cisco Catalyst 3560.

Hi, thx for replying.

I have the latest crypto for 3560, 12.2.25:

Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Thu 22-Feb-07 15:39 by myl

Image text-base: 0x00003000, data-base: 0x00FF46A8

ROM: Bootstrap program is C3560 boot loader

BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWARE (fc1)

switch_vaning-5 uptime is 4 days, 7 hours, 31 minutes

System returned to ROM by power-on

System restarted at 00:41:15 CET Sun Jun 24 2007

System image file is "flash:c3560-ipbasek9-mz.122-25.SEE3/c3560-ipbasek9-mz.122-25.SEE3.bin"

Heres my cfg except for the ports:

version 12.2

no service pad

service timestamps debug uptime

service timestamps log datetime

no service password-encryption

service sequence-numbers

!

hostname switch_vaning-5

!

logging count

no logging monitor

enable secret xxx

enable password xxxxx

!

username xxx privilege 15 secret xxx

username giobbi privilege 15 password 0 xxxxx

no aaa new-model

clock timezone CET 1

clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00

vtp mode transparent

ip subnet-zero

no ip domain-lookup

ip domain-name fb.se

ip name-server 10.0.5.246

!

ip ftp username xxx

ip ftp password xxxxx

ip ssh logging events

interface Vlan1

ip address 10.0.5.218 255.255.255.0

no ip route-cache

!

ip default-gateway 10.0.5.1

ip classless

ip http server

ip http secure-server

!

logging facility local2

logging 10.0.8.184

snmp-server community orvis RO

!

control-plane

!

!

line con 0

line vty 0 4

password xxxx

no login

length 0

line vty 5 15

password xxxxx

no login

!

!

monitor session 1 source interface Gi0/21

monitor session 1 destination interface Gi0/18

ntp clock-period 36029386

ntp server 17.x.0.28 key 0 prefer

end

Running same OS X as you.

Thanks!!

p

Cisco Employee

Re: Can't login via ssh, Cisco Catalyst 3560.

You're missing a few bits to the config. First, you need an admin username. Next, you need to enable aaa new-model, and add something like:

aaa authentication login default local

Finally, you need to generate your crypto key on the switch:

crypto key generate rsa

New Member

Re: Can't login via ssh, Cisco Catalyst 3560.

Great!

Work like a charm. Now i just have to make my new-added admin to work.

: )

Many thx.

New Member

Hi Joe,

Hi Joe,

I have all config mentioned on above blog on one of our 3560, still I am not able to login. Can you please help me on this.

sh ver
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 05-May-11 15:57 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x02800000

sh runn | in aaa
aaa new-model
aaa authentication login default local
aaa session-id common

sh runn | be vty
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
end

and have crypto key generate rsa enabled on switch.

4456
Views
4
Helpful
5
Replies
CreatePlease to create content