https://community.cisco.com/t5/network-access-control/ssh-access-denied/m-p/3388590#M556725 Thanks It works Thu, 24 May 2018 15:18:04 GMT Kasun1 2018-05-24T15:18:04Z https://community.cisco.com/t5/network-access-control/ssh-access-denied/m-p/3197955#M556715 <P>Hi Community,</P> <P>&nbsp;</P> <P>Could you please advise me where is my problem:</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>When I trying to connect Cisco 881 through SSH, it answers me login and password, but deny access.</P> <P>&nbsp;</P> <P>This is full config:</P> <P>!<BR />! Last configuration change at 17:08:19 UTC Thu Oct 12 2017 by admin<BR />version 15.2<BR />no service pad<BR />service timestamps debug datetime msec<BR />service timestamps log datetime msec<BR />service password-encryption<BR />!<BR />hostname blab01<BR />!<BR />boot-start-marker<BR />boot-end-marker<BR />!<BR />!<BR />logging buffered 51200 warnings<BR />enable secret 4 Ivcw.NXKbPGnUJY1w35CDH7n2ZASu5D1k<BR />!<BR />aaa new-model<BR />!<BR />!<BR />aaa authentication login default local<BR />!<BR />!<BR />!<BR />!<BR />!<BR />aaa session-id common<BR />memory-size iomem 10<BR />!<BR />crypto pki trustpoint TP-self-signed-3570458249<BR /> enrollment selfsigned<BR /> subject-name cn=IOS-Self-Signed-Certificate-3570458249<BR /> revocation-check none<BR /> rsakeypair TP-self-signed-3570458249<BR />!<BR />!<BR />crypto pki certificate chain TP-self-signed-3570458249<BR />!<BR />!<BR />!<BR />!</P> <P><BR />!<BR />!<BR />!<BR />!<BR />no ip domain lookup<BR />ip domain name blrlab.com<BR />ip inspect name outside_fw icmp<BR />ip inspect name outside_fw http<BR />ip inspect name outside_fw https<BR />ip inspect name outside_fw tcp<BR />ip inspect name outside_fw udp<BR />ip inspect name outside_fw dns<BR />ip inspect name outside_fw pptp<BR />ip cef<BR />no ipv6 cef<BR />!<BR />!<BR />multilink bundle-name authenticated<BR />license udi pid CISCO881-SEC-K9 sn FGL181021M3<BR />!<BR />!<BR />username admin privilege 15 secret 4 hFK.2TEAvHhQRoMQRkWa26vz.q2Vd7U<BR />username bbbadmin privilege 15 password 7 013D1312F751F6E4D<BR />!<BR />!<BR />!<BR />!<BR />!<BR />ip ftp source-interface Vlan1<BR />ip ftp username cisco<BR />ip ftp password 7 121A0C041104<BR />ip ssh time-out 60<BR />ip ssh authentication-retries 5<BR />ip ssh port 5722 rotary 1<BR />ip ssh logging events<BR />ip ssh version 2<BR />! <BR />!<BR />crypto isakmp policy 1<BR /> encr 3des<BR /> hash md5<BR /> authentication pre-share<BR /> group 2<BR />crypto isakmp key faltecvpn address MANCH-IP no-xauth<BR />crypto isakmp keepalive 120<BR />!<BR />!<BR />crypto ipsec transform-set 3DES-SHA esp-3des esp-md5-hmac <BR /> mode tunnel<BR />crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac <BR /> mode tunnel<BR />!<BR />!<BR />!<BR />crypto map outside_map 10 ipsec-isakmp <BR /> description SHRB -- MNCH<BR /> set peer MANCH-IP<BR /> set transform-set 3DES-MD5 <BR /> match address data_SHRB_MNCH<BR />!<BR />!<BR />!<BR />!<BR />!<BR />interface FastEthernet0<BR /> no ip address<BR />!<BR />interface FastEthernet1<BR /> no ip address<BR />!<BR />interface FastEthernet2<BR /> no ip address<BR />!<BR />interface FastEthernet3<BR /> no ip address<BR />!<BR />interface FastEthernet4<BR /> description VIDEOTRON<BR /> ip address EXT-IP 255.255.255.252<BR /> ip nat outside<BR /> ip inspect outside_fw out<BR /> ip virtual-reassembly in<BR /> duplex full<BR /> speed auto<BR /> crypto map outside_map<BR />!<BR />interface Vlan1<BR /> description $ETH_LAN$<BR /> ip address 192.168.1.1 255.255.255.0<BR /> ip nat inside<BR /> ip virtual-reassembly in<BR /> ip tcp adjust-mss 1452<BR />!<BR />ip forward-protocol nd<BR />ip http server<BR />ip http access-class 23<BR />ip http authentication local<BR />ip http secure-server<BR />ip http timeout-policy idle 60 life 86400 requests 10000<BR />!<BR />!<BR />ip nat inside source list NAT_BLAB interface FastEthernet4 overload<BR />ip nat inside source static tcp 192.168.1.3 25 EXT-IP 25 extendable<BR />ip nat inside source static tcp 192.168.1.25 80 EXT-IP 80 extendable<BR />ip nat inside source static tcp 192.168.1.25 443 EXT-IP 443 extendable<BR />ip nat inside source static tcp 192.168.1.3 1723 EXT-IP 1723 extendable<BR />ip route 0.0.0.0 0.0.0.0 24.37.183.233<BR />!<BR />ip access-list extended NAT_BLAB<BR /> deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255<BR /> permit ip 192.168.1.0 0.0.0.255 any<BR />ip access-list extended OUTSIDE_IN<BR /> permit tcp any host EXT-IP eq smtp<BR /> permit gre any host EXT-IP<BR /> permit tcp any host EXT-IP eq 1723<BR /> permit tcp any host EXT-IP eq www<BR /> permit tcp any host EXT-IP eq 443<BR /> permit udp any eq isakmp host EXT-IP eq isakmp<BR />ip access-list extended data_SHRB_MNCH<BR /> remark Traffic entre SHRB et MNCH<BR /> permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255<BR />!<BR />no cdp run<BR />!<BR />!<BR />!<BR />!<BR />control-plane<BR />!<BR />!<BR />!<BR />line con 0<BR /> exec-timeout 0 0<BR /> password 7 09625B15F5F246E<BR /> logging synchronous<BR /> no modem enable<BR /> speed 115200<BR />line aux 0<BR />line vty 0 4<BR /> exec-timeout 0 0<BR /> password 7 0228114D181D295D<BR /> logging synchronous<BR /> rotary 1<BR /> transport input ssh<BR /> transport output ssh<BR />line vty 5 15<BR /> privilege level 15<BR /> password 7 0228114D5B0A5D<BR /> transport input all<BR />!<BR />!<BR />end</P> Fri, 21 Feb 2020 18:36:02 GMT https://community.cisco.com/t5/network-access-control/ssh-access-denied/m-p/3197955#M556715 Chubariev88 2020-02-21T18:36:02Z https://community.cisco.com/t5/network-access-control/ssh-access-denied/m-p/3198065#M556719 <P>you need to add one more line to your line vty 0 4 stanza</P> <P>&nbsp;</P> <P>login local</P> <P>&nbsp;</P> <P>cheers</P> Fri, 13 Oct 2017 00:43:35 GMT https://community.cisco.com/t5/network-access-control/ssh-access-denied/m-p/3198065#M556719 Arne Bier 2017-10-13T00:43:35Z https://community.cisco.com/t5/network-access-control/ssh-access-denied/m-p/3388590#M556725 Thanks It works Thu, 24 May 2018 15:18:04 GMT https://community.cisco.com/t5/network-access-control/ssh-access-denied/m-p/3388590#M556725 Kasun1 2018-05-24T15:18:04Z