Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1854
Views
0
Helpful
2
Replies

Telnet and SSH not working at VTY lines

Go to solution
shehzada_dilsoz
Level 1
Level 1

‎05-03-2017 11:02 PM - edited ‎03-03-2019 08:32 AM

I have a Cisco 891F router that I have been trying to set it up for remote access for a while.

IOS is c800-universalk9-mz.SPA.153-3.M6.bin

Configs are

Current configuration : 2880 bytes

version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_Fef_Pak
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$CIOB$49J2KXNkFcaRHSGiSZ/fs/
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization exec userauthen local
!
!
!
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-2158060672
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2158060672
revocation-check none
rsakeypair TP-self-signed-2158060672
!
!
crypto pki certificate chain TP-self-signed-2158060672
!
!
!
!


!
!
!
!
no ip domain lookup
ip domain name Fef.com
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C891F-K9 sn FGL200526SA
!
!

vtp mode transparent
username S3ed privilege 15 secret 5 $1$8wlv$dqE1hbiE4ULO3Izy48FkP0
username Fef_HO privilege 15 secret 5 $1$B2aZ$Z8JBxWWyHfCuduLtABDzG.
!
!
!
!
!
ip ssh time-out 15
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
!

!
interface GigabitEthernet8
ip address x.x.x.x 255.255.255.248
duplex auto
speed auto
!

!
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
!
line con 0
logging synchronous
login authentication userauthen
no modem enable
line aux 0
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
session-timeout 1
exec-timeout 60 0
logging synchronous
login authentication userauthen
transport input ssh
line vty 5 15
session-timeout 1
exec-timeout 60 0
logging synchronous
login authentication userauthen
transport input ssh
!
scheduler allocate 20000 1000
ntp server 206.108.0.131 prefer
ntp server 206.108.0.132
!
end

From the config it is apparent that SSH v2 needs to be configured. Crypto key generate RSA is 2048 bytes. authentication and authorization is via "userauthen" group.

The problem strangely that i am seeing is that the vty lines appears to be not operating. i.e no access from remote devices is allowed.

The response always is "Network Error: Connection refused".

As a troubleshooting procedure I have tried "ssh -l S3ed -c 3des -v 2 x.x.x.x" and this successfully opens a SSH sessions. Furthermore the userauthen group of aaa works fine since through proper credentials I am able to login. But any sort of attempt to remotely access via vty lines fails.

Furthermore show user command shows line con 0 and nothing else in the list. I suspect vty lines should also appear here.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎05-04-2017 11:10 PM

Have you tried using a different SSH client?

I would also upgrade to 15.3.3M9.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎05-04-2017 11:10 PM

Have you tried using a different SSH client?

I would also upgrade to 15.3.3M9.

0 Helpful

Go to solution
shehzada_dilsoz
Level 1
Level 1
In response to Philip D'Ath

‎05-04-2017 11:19 PM

the issue has been resolved after upgrading its IOS to a stable version.

Closing the ticket.

Thanks for the support.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents