Catalyst 2950 Switch SSH Problem 5

shenmue232

Technical User
Jan 4, 2009
11
GB
Hi Guys

I'm having an odd issue with ssh on my 2950 switch. I have configured all the settings correctly, but every time I go to log in with my ssh client it says Access Denied. The user name and password are cisco, so I'm not getting it wrong. I have tried connecting with PuTTY, TeraTerm and WinSCP; all produce the same error.

The IOS on the switch is the c2950-i6k2l2q4-mz.121-22.EA13

Switch config below.


Building configuration...

Current configuration : 1644 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2950-SWITCH
!
enable secret 5 $1$aFi1$y9bQYYzaSXF.8ZESRmB8f1
!
username cisco password 7 01100F175804
ip subnet-zero
!
ip domain-name ciscolab.com
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
ip address 10.0.0.2 255.255.255.224
no ip route-cache
!
ip http server
banner motd ^
************************************************************************
!!!!!!!!!!!!!!!!!!!!!Unauthorized Access Prohibited!!!!!!!!!!!!!!!!!!!!!
************************************************************************
^
!
line con 0
password 7 1517090D1D30242A
logging synchronous
login
line vty 0 4
password 7 104B0B181C0D1D05
login
transport input telnet ssh
line vty 5 15
login
!
!
end

2950-SWITCH#
 
You are missing the "aaa new-model" command. Use this, or under your vty it has to read "login local" to point to the username and password. Verify crypto keys with "show crypto key my rsa".
 
You don't need aaa new-model

you need

1)ip hostname local (or whatever you want)

2)crypto key gen rsa mod 1024 (or 2048)

3)on the lines...trans in ssh

You need a "k9" in the image to support ssh, though you have a "k"...try those commands. If they don't take, then you need an upgrade.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
On the 2950 images there is no k9 in the SSH image. You can use the AAA statement.


!--- The aaa new-model command causes the local username and password on the router
!--- to be used in the absence of other AAA statements.

aaa new-model
username cisco password 0 cisco
line vty 0 4
transport input ssh

!--- Instead of aaa new-model, you can use the login local command.
 
You also need to make sure a domain name is specified,

although the rsa key generation step should warn you about that.

 
Thanks for all your help guys, I now have ssh working.
 
^^^Well how nice, and all we like in return are those purple little stars! Go ahead and reward these Highly intelligent fellows!

CCNP
 
All you needed for your config was to add login local under line vty 0 15. Basic ssh:

Switch(config)#username cisco password cisco
Switch(config)#ip domain-name cisco.com
Switch(config)#crypto key generate rsa
Switch(config)#line vty 0 15
Switch(config-line)#login local
Switch(config-line)#transport input ssh

Works every time!

HTH
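
An added example, not written by any poster in this thread: a small Python check that reads a running-config and reports the conditions the replies above point to, namely vty lines that use "login" without "login local" or "aaa new-model", a missing "ip domain-name", and telnet left enabled on the vty lines. The function names and the trimmed sample config are constructed for illustration.

```python
# Constructed sample: the login-related lines of the running-config posted above.
SAMPLE = """\
hostname 2950-SWITCH
username cisco password 7 01100F175804
ip domain-name ciscolab.com
ip ssh version 2
line con 0
 password 7 1517090D1D30242A
 login
line vty 0 4
 password 7 104B0B181C0D1D05
 login
 transport input telnet ssh
line vty 5 15
 login
!
end
"""

def check_vty(name, opts, aaa):
    """Findings for one 'line vty' section (hypothetical helper)."""
    out = []
    if not aaa and "login local" not in opts:
        out.append(f"{name}: local usernames not used (add 'login local' or 'aaa new-model')")
    transport = next((o.split()[2:] for o in opts if o.startswith("transport input ")), [])
    if "telnet" in transport or "all" in transport:
        out.append(f"{name}: telnet still accepted (use 'transport input ssh')")
    return out

def audit_ssh_login(config):
    """Return a list of reasons SSH login with a local username may fail."""
    lines = [l.strip() for l in config.splitlines()]  # forum pastes lose indentation
    aaa = "aaa new-model" in lines
    findings = []
    if not any(l.startswith("ip domain-name ") for l in lines):
        findings.append("global: no ip domain-name set")
    if not any(l.startswith("username ") for l in lines):
        findings.append("global: no local username defined")
    section, opts = None, []
    for l in lines + ["!"]:  # trailing "!" flushes the last section
        if l.startswith("line ") or l in ("!", "end"):
            if section and section.startswith("line vty"):
                findings += check_vty(section, opts, aaa)
            section, opts = (l if l.startswith("line ") else None), []
        elif section:
            opts.append(l)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_login(SAMPLE)))
```

Run against the posted config, it flags both vty ranges for checking the line password instead of the username database, which matches the "login local" fix that resolved the thread.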
 