Cisco 2911 problem with SSH

g.lafreniere
Level 1

I could use some help with an issue. I have a few Cisco 2911 routers in my network, around 5 to be exact. I have one on which I am for some reason unable to use Secure Shell (SSH). I have verified that it is configured exactly like the others, with the exception of its unique IP address and mask info; the IOS is c2900-universalK9-mz.SPA.150-1.m3.bin like all the others. I have verified that the transport input and output ssh line information at the end of my configuration is the same as the others, and my config reg is 0x2102. All interfaces are up-up and I can ping everywhere just fine; it's just the SSH function that doesn't work. Does anyone have any ideas? Thanks. Cesar

5 Replies

Douglas Holmes
Level 1

Have you generated an SSH key? Also, you can turn on SSH debugging on the device to try to give you a better answer. Regarding your comment on the configuration for line vty: for inbound connections that are SSH only it should be "transport input ssh"; I would assume that you have this correct.

Sandeep Choudhary
VIP Alumni

Hi,

Just try this and let me know the results:

router# config term
router(config)#ip ssh version 2
router(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.

Check your config for line vty:

config t
line vty 0 15
login local
transport input telnet ssh
transport output telnet ssh

If it works then well and good. If it is still failing then please show me the output of this command: sh ip ssh

Summary:

Router_or_Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router_or_Switch(config)#line vty 0 15
Router_or_Switch(config-line)#login local
Router_or_Switch(config-line)#transport input telnet ssh
Router_or_Switch(config-line)#exit
Router_or_Switch(config)#username test password cisco
Router_or_Switch(config)#ip domain-name test.com
Router_or_Switch(config)#crypto key generate rsa

Regards

Please rate if it helps.

Dear Cesar,

If your configuration looks exactly like what Mr Sandeep has said and if you are sure the configuration is well and good to do SSH, just check if you have any access list which is stopping you from accessing it.

Please rate the helpful tags.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Cesar

It is difficult to know from what is posted so far exactly what the problem is. There are several possibilities that we can explore:

- perhaps the issue is that SSH is not enabled (which has been mentioned in previous posts in this thread). If you would post the output of show ip ssh then we would be able to know if the problem is enabling SSH or is something else.

- if SSH is correctly enabled, then the problem might be that an access list is preventing access. The most obvious place to check is to ask you to post the configuration of the vty so that we can see whether there is an access class configured. If an access class is configured then please also post the access list used by the access class. You also might want to verify whether there is any access list on any interface that might be impacting SSH traffic.

- there is also the possibility that there is some issue with authentication. Perhaps you can post the part of the configuration that deals with authentication.

HTH

Rick


Hi Cesar,

If you are using a TACACS server for the purpose of authentication, you must be able to reach the device from the TACACS server and it should be properly updated for credentials reg...Please check this.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
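
The configuration checks suggested across the replies above (a domain name before RSA key generation, `transport input` on each vty range, an access class on the vty, and a local user for `login local`) can be run offline against a saved running-config. This is an added example, not code from any poster in the thread; the sample config, function names and finding strings are constructed for illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from the thread).
SAMPLE_CONFIG = """\
hostname R5
ip ssh version 2
username admin secret 5 CONSTRUCTED-HASH
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 login local
 transport input telnet
line vty 5 15
 login local
 transport input telnet ssh
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit_ssh(config):
    """Return findings that could explain failed inbound SSH."""
    findings = []
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no ip domain-name before crypto key generate rsa")
    has_user = re.search(r"^username \S+", config, re.M) is not None
    for header, cmds in vty_blocks(config).items():
        inputs = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not inputs:
            findings.append(f"{header}: transport input not set explicitly")
        elif not {"ssh", "all"} & set(inputs[-1]):
            findings.append(f"{header}: transport input excludes ssh")
        if "login local" in cmds and not has_user:
            findings.append(f"{header}: login local but no username defined")
        for c in cmds:
            m = re.match(r"access-class (\S+) in", c)
            if m:  # not an error in itself: the client source must be permitted
                findings.append(f"{header}: access-class {m.group(1)} in, review that ACL")
    return findings
```

RSA keys are not shown in the running-config, so the output of `show ip ssh` is still needed to confirm that SSH is actually enabled on the router.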