Cisco 3845 Router, SSH, Secure HTTP & CS-MARS

edwardwaithaka · ‎07-17-2007

Hello,

I have a 3845 router (Version 12.3(11r)T2, RELEASE SOFTWARE (fc1)) which I have configured SSH access through vty. Th e problem is that SSH access fails when I try to connect to it using Putty. It also fails to connect using ip http secure-server both from a browser & through CS-MARS (IOS IPS). All user names exist and are working fine with telnet.

Does IOS 12.3 have issues with SSH * secure http?

I get this error in MARS:

"Error in INIT GET. Check the username/password"

pcomeaux · ‎07-17-2007

Hi -

I searched all open/closed TAC cases for you with that error message - I found 1 similar case.

Here's the results of their case:

"we managed to fix the issue it was ip http authentication enable command (change to accept local usernames/passwords)."

Can you review this and see if you need to tell SSH and HTTPs to use the local database?

Please let us know.

thxs

peter

edwardwaithaka · ‎07-17-2007

Hi,

I had enabled authentication through local user database both for SSH & HTTPS i.e.

#aaa authentication login default local (SSH)

#ip http authentication local (HTTPS)

There is a bug (CSCsb84050) in Cisco IOS that might be affecting the authentication. I will try and resolve it and get back to you.

PAUL TRIVINO · ‎07-18-2007

When you mentuion putty I had a thought - ssh version? I think putty defaults to V2 but maybe V1.99 is on the 3845? Just a thought.

Paul

edwardwaithaka · ‎07-18-2007

I have 2 identical 3845s, one is accepting SSH, the other is failing. The configs are identical both version 2. I will try and reboot (last resort which worked on a 6500 with SSH issues) and see what happens. Might be the max number of connections have been used.

For the "ip http secure", the configs worked after increasing the "priviledge level" of the local user to 15.