
SSH problem


Synonix

Technical User
Oct 2, 2008
32
US
Hey guys,

So I'm taking this class online and they were doing a brief overview on how to set up SSH on a switch. They were using the crypto command after establishing an IP and domain name for the switch. I had no problem getting an IP and domain name, but I couldn't get crypto to work, and when searching for the command I see it just doesn't exist. I don't think I need to be in config-line to enable SSH; it's just global cfg, right? Anyhow, I'm at work right now and can't paste my version of the IOS or anything, but I am using a 3500XL switch. I'll have that information up ASAP if it's needed. If you have any ideas on what's going on, please enlighten me! It's been bugging me all day.

Thanks for the help.
 
Yeah, you'll have to post a sh ver and a sh run, but the commands are

switch(config)#ip domain-name local
switch(config)#crypto key gen rsa mod 1024
switch(config)#line vty 0 15
switch(config-line)#trans in ssh tel
switch(config-line)#end
switch#wr

You need a k9 in the IOS code, but some switches I have seen automatically build the modulus, so the crypto key is already there, and it has a cert.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
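
Added example, not part of the thread: a small Python check for the two things this reply turns on, whether the running image name carries the k9 crypto marker and which vty lines still accept telnet. The sample `show version` and `show running-config` text and the image file names are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample output; the image names are made up for illustration.
SHOW_VERSION_K9 = 'System image file is "flash:example-lanbasek9-mz.bin"\n'
SHOW_VERSION_NO_K9 = 'System image file is "flash:example-lanbase-mz.bin"\n'
SHOW_RUN = """\
ip domain-name local
!
line con 0
line vty 0 4
 transport input ssh telnet
line vty 5 15
 transport input ssh
!
end
"""

def image_has_crypto(show_version: str) -> bool:
    """True if the running image file name contains the k9 marker."""
    m = re.search(r'System image file is "([^"]+)"', show_version)
    if not m:
        raise ValueError("no 'System image file' line found")
    # Drop the device prefix (flash:) and any directory part.
    name = m.group(1).rsplit(":", 1)[-1].rsplit("/", 1)[-1]
    return "k9" in name.lower()

def vty_transports(show_run: str) -> dict:
    """Map each 'line vty' block to its set of allowed input transports."""
    result, current = {}, None
    for raw in show_run.splitlines():
        if raw.startswith("line "):
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                result[current] = None  # no explicit 'transport input' yet
        elif current and raw.startswith(" "):
            words = raw.split()
            if words[:2] == ["transport", "input"]:
                result[current] = set(words[2:])
        elif not raw.startswith(" "):
            current = None  # left the line block
    return result

def telnet_exposed(show_run: str) -> list:
    """vty blocks that accept telnet, or have no explicit restriction.

    Assumption: a block with no 'transport input' line is flagged for
    review, since the default depends on the IOS release.
    """
    return [line for line, protos in vty_transports(show_run).items()
            if protos is None or protos & {"telnet", "all"}]
```
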
 
Hi,

The Cisco Catalyst 3500XL series and 2900XL series do not support SSH as there are no Crypto images available for these switches.

-Viconsul
 
Thanks burt and vic. Looks like I'm screwed with these switches and SSH; no biggie, I guess. Would've been nice to packet sniff and not see clear text though :( Back to telnet.
 
Hey guys, just want to ask one more question. Is there a program or some sort of database that will tell you what IOS versions do and don't work with specific routers and switches? I mean, my 2610 router has IOS ver. 12.1 and I was wondering if I can go to 12.2 or higher. It only has 36k memory and 16mb flash, so I can't use certain IOS versions already due to memory restrictions.
 
Generally the best resource for supported IOS on any platform is cisco.com. The Cisco 2610 router should be able to run 12.4 mainline IOS, subject to having enough space on flash and enough memory. This link tells you more. Cisco

 
Cisco Feature Navigator.

 
Thanks vic.

Yeah burt, I saw that while snooping around the Cisco site, but you need more authentication than I have to actually use it.

Funny how one of my routers did have enough space and the other one didn't... and me, assuming they were both the same because my lab came from the same place, flashed both of them... and the IOS I was planning to upgrade to needed 16. Luckily I torrented every conceivable IOS in some monster collection a while back, so I was fine.

Also, correct me if I'm wrong, but you can flash through ROMMON or the IOS, yes? I tried through ROMMON for shits n giggles but it seems to not really work. Maybe I'm just doing it wrong. One thing I didn't get is that it was asking for a default gateway as one of the required parameters before you could do tftpdnld, but there really isn't one because I'm just using a crossover into my computer and using that as the TFTP.

Anywho, a little off topic, I apologise. Just throwing thoughts out there.
 
No you don't---requires NO login...


You can do tftpdnld after setting all the parameters (NO gateway is needed), or you can xmodem at 115,200 BAUD by
1. setting BAUD in the terminal emulator
2. doing confreg 0x3922 in ROMMON
3. reset in ROMMON
4. xmodem in ROMMON


ALL settings MUST BE IN CAPS!!!

tftpdnld itself is in small case


In the IOS, it is

router>en
router#copy tftp flash

then answer the questions. I always save a copy of the IOS and config before doing this...

router#sh flash

then copy the IOS (I use PuTTY---it lets you copy and paste)
then
router#copy flash tftp
answer the questions

for the config

router#copy start tftp
and/or
router#copy run tftp

 
Starred burt :D I know how much you like them from lurking other threads.

Only thing was you DO need a default gateway for tftpdnld, but I just put it as the TFTP server IP and it worked fine. Just can't leave it blank... weird.

I know nothing about xmodem at the moment, so I'll have to do some research on how it works. For example, why you need to up the baud rate.

Oh, and I got my flash upgrade in the mail so I can now put A LOT more IOS versions on my router! *excitement*

Oh, when I installed the new flash, at first the router said I didn't have enough memory. I guess it was just because it didn't recognise something. After going into tftpdnld and loading the new IOS it saw it easily.
 
TFTPDNLD requires the gateway be set. As an exercise, see what happens when you try to share out an IOS on another router and then transfer that through tftpdnld to a device several networks away. Use a LARGE image (above 16 MB).

With Xmodem, you really don't have to change the baud rate if you're being paid on an hourly scale :) but most of us want to get the transfer completed ASAP so we up the baud to the maximum UART speed of 115200.

When I use TFTPDNLD, I usually load a stripped base IOS to get the box booted and running. Then I'll load the real IOS I want (usually advipservicesK9 these days) and reboot to my "full bells and whistles" IOS and configure replace the running configuration file for the device. One thing to watch for on newer routers is the interface you use for tftpdnld. By default it'll only work through F0/0 on ISRs although you can change that parameter.

Cisco does a good job giving us job security!
 
I stand corrected, and thus should re-iterate/restate...

a gateway is required if the tftp is on a different subnet. However, I imagine it is still required (been a while) due to the nature of ROMMON no matter what...

 