https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094435#M169052 <P>you need the following to enable ssh on a IOS / IOS-XE device</P> <P>&nbsp;</P> <P class="p1"><STRONG>conf t </STRONG></P> <P class="p1"><STRONG>hostname &lt;name&gt; </STRONG></P> <P class="p1"><STRONG>ip domain-name &lt;name&gt; </STRONG></P> <P class="p1"><STRONG>crypto key generate rss </STRONG><SPAN class="Apple-converted-space">&nbsp; </SPAN>—— create a key</P> <P class="p1"><STRONG>ip ssh version 2</STRONG></P> Fri, 29 May 2020 15:07:23 GMT Rafael E 2020-05-29T15:07:23Z https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094360#M169049 <P>I am having problems connecting via SSH to a 9800-CL in my lab environment.</P><P>There are NO firewalls between devices!</P><P>Configuration on WLC is as follows...</P><P>&nbsp;</P><P>hostname WLC001<BR />!<BR />aaa new-model<BR />!<BR />aaa authentication login default local<BR />aaa authorization exec default local<BR />aaa authorization exec net local<BR />!<BR />ip domain name SDNDEV<BR />!<BR />username admin privilege 15 secret 9 $9$a6E.ZhqApsopn.$bxfqx/BG89wWhxUHhD8ywwZgu5AT1LtaOTPNRvImKbo<BR />!<BR />ip ssh rsa keypair-name ssh-key<BR />ip ssh version 2<BR />!<BR />line con 0<BR />stopbits 1<BR />line vty 0 4<BR />transport input telnet ssh<BR />line vty 5 15<BR />transport input telnet ssh</P><P>&nbsp;</P><P>Crypto key is generated...</P><P>WLC001#show crypto key mypubkey rsa<BR />% Key pair was generated at: 14:11:57 British May 29 2020<BR />Key name: WLC001.SDNDEV<BR />Key type: RSA KEYS<BR />Storage Device: not specified<BR />Usage: General Purpose Key<BR />Key is not exportable. Redundancy enabled.<BR />Key Data:<BR />30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101<BR />00BA885E 58B4EF5B E56D87A6 2C4CF7FD 3C89A306 AA2D894E 1A09EBD6 CB7C2DB1<BR />A149D200 BC499927 0F9551D7 0CE04786 F158A955 B0D26C85 2E2FFD3D 193DFD24<BR />375B90C5 8A3212C5 C5A0A1E8 F2DFB5AC AA80B4F0 9B49C385 F67CD4BD 47CD0AFD<BR />A65C525F 4EFF51BE 46840DA4 64A67EF3 EA8F01C7 229E2072 58F5A658 7EFDA0C3<BR />D41522A2 2DE74FE3 12F2CCE7 58AECC06 8ED483F6 B4F210DE D2F7A32C CAF91E26<BR />510E8999 787EF655 AC288965 62D52761 F9568DF1 141ADDBD 562E1E2F 89C4A517<BR />C785E446 B9CDB74F 90AEC35E 29B5515A 00F1E70F 23AC1FA8 0CC4FC02 36F9FAEF<BR />F9B8DDA1 170E7CD2 35AF7650 9D06B5B1 FDDBD5FE 87C93FA6 E9CE7C14 291D68A2<BR />3B020301 0001<BR />WLC001#</P><P>&nbsp;</P><P>Telnet is working, which proves connectivty, am i missing something specific to the WLC?</P><P>&nbsp;</P> Mon, 05 Jul 2021 19:06:48 GMT https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094360#M169049 c.walsh 2021-07-05T19:06:48Z https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094390#M169050 <P>an you check output for:&nbsp;</P> <P>&nbsp;</P> <P>sh ip ssh</P> Fri, 29 May 2020 14:13:29 GMT https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094390#M169050 Rafael E 2020-05-29T14:13:29Z https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094404#M169051 <P>Hi Rafael...</P><P>&nbsp; &nbsp; &nbsp;<BR />WLC001#show ip ssh<BR />SSH Disabled - version 2.0<BR />%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).</P><P>&nbsp;</P><P>I have created the key, is there a manual command to enable SSH as i don't know of one?</P> Fri, 29 May 2020 14:31:49 GMT https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094404#M169051 c.walsh 2020-05-29T14:31:49Z https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094435#M169052 <P>you need the following to enable ssh on a IOS / IOS-XE device</P> <P>&nbsp;</P> <P class="p1"><STRONG>conf t </STRONG></P> <P class="p1"><STRONG>hostname &lt;name&gt; </STRONG></P> <P class="p1"><STRONG>ip domain-name &lt;name&gt; </STRONG></P> <P class="p1"><STRONG>crypto key generate rss </STRONG><SPAN class="Apple-converted-space">&nbsp; </SPAN>—— create a key</P> <P class="p1"><STRONG>ip ssh version 2</STRONG></P> Fri, 29 May 2020 15:07:23 GMT https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094435#M169052 Rafael E 2020-05-29T15:07:23Z https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094441#M169053 <P>Hi Rafael,</P><P>&nbsp; &nbsp; I have already added all those commands, see the initial post.</P><P>That is what i cannot understand why SSH is disabled?</P> Fri, 29 May 2020 15:14:54 GMT https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094441#M169053 c.walsh 2020-05-29T15:14:54Z https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094443#M169054 <P><FONT color="#FF0000"><STRONG>WLC001(config)#do sh ip ssh</STRONG></FONT><BR /><FONT color="#FF0000"><STRONG>SSH Disabled - version 2.0</STRONG></FONT><BR />%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).<BR />Authentication methods:publickey,keyboard-interactive,password<BR />Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa<BR />Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa<BR />Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr<BR />MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96<BR />KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1<BR />Authentication timeout: 120 secs; Authentication retries: 3<BR />Minimum expected Diffie Hellman key size : 2048 bits<BR />IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE<BR /><FONT color="#FF0000"><STRONG>WLC001(config)#crypto key gen rsa mod 2048</STRONG></FONT><BR />% You already have RSA keys defined named WLC001.SDNDEV.<BR />% They will be replaced.</P><P>% The key modulus size is 2048 bits<BR />% Generating 2048 bit RSA keys, keys will be non-exportable...<BR />[OK] (elapsed time was 1 seconds)</P><P><STRONG><FONT color="#FF0000">WLC001(config)#do show ip ssh</FONT></STRONG><BR /><STRONG><FONT color="#FF0000">SSH Disabled - version 2.0</FONT></STRONG><BR />%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).<BR />Authentication methods:publickey,keyboard-interactive,password<BR />Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa<BR />Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa<BR />Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr<BR />MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96<BR />KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1<BR />Authentication timeout: 120 secs; Authentication retries: 3<BR />Minimum expected Diffie Hellman key size : 2048 bits<BR />IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE<BR />WLC001(config)#</P> Fri, 29 May 2020 15:17:54 GMT https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094443#M169054 c.walsh 2020-05-29T15:17:54Z https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094499#M169055 <P>can you attach the show tech?</P> Fri, 29 May 2020 16:37:23 GMT https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4094499#M169055 Rafael E 2020-05-29T16:37:23Z https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4100748#M169056 <P>Hi Rafael,</P><P>&nbsp; &nbsp; I have resolved this issue by using the following commands...</P><P>WLC001(config)#crypto key generate rsa<SPAN>&nbsp;</SPAN><STRONG>label SSH-KEY</STRONG><SPAN>&nbsp;</SPAN>modulus 1024<BR />The name for the keys will be: SSH-KEY</P><P><BR />% The key modulus size is 1024 bits<BR />% Generating 1024 bit RSA keys, keys will be non-exportable...<BR />[OK] (elapsed time was 2 seconds)</P><P><STRONG>WLC001(config)#ip ssh rsa keypair-name SSH-KEY</STRONG><BR />WLC0011(config)#do sh ip ssh</P><P><FONT color="#FF0000">SSH Enabled - version 2.0</FONT></P> Wed, 10 Jun 2020 12:08:11 GMT https://community.cisco.com/t5/wireless/9800-cl-ssh-connection-refused/m-p/4100748#M169056 c.walsh 2020-06-10T12:08:11Z