SSH LOGIN LOCAL ISSUE

Thomas7450
Level 1

Hi all, I am having trouble with my SSH lab. I have been able to SSH to my switch when just setting a password for the vty lines and using the login command. However, when I opt to use the login local command and ask for the vty line to grab the credentials of the username and password set in global config, I am unable to log in. Please can someone tell me if there is anything obviously wrong with the below config. It's starting to stress me out now. There is nothing fancy going on; I have just used my default vlan 1 as the vlan with the IP address.

 

anders(config-if)#do sh start

Using 742 bytes

!

version 12.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname anders

!

!

!

clock timezone bst 0

!

ip domain-name cisco.com

!

username thomas privilege 15 password 0 anders

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

!

interface FastEthernet1/1

!

interface FastEthernet2/1

switchport mode access

!

interface FastEthernet3/1

!

interface FastEthernet4/1

!

interface FastEthernet5/1

!

interface Vlan1

ip address 192.168.1.253 255.255.255.0

!

ip default-gateway 192.168.1.254

!

banner motd ^Chelp me^C

!

!

!

line con 0

!

line vty 0 4

login local

transport input ssh

line vty 5 15

login local

transport input ssh

!


Francesco Molino
VIP Alumni
Hi

Are you getting the login prompt?
Just out of curiosity, have you removed the crypto key before pasting the config? Because I don't see it.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi, thanks for your reply. Yeah, the crypto keys have been generated at 512. I have just gone over all the same config again from scratch and the issue still remains... I was not aware that the keys should be noted in the sh start menu... I have checked though and they are definitely there, as when I go to enter crypto key gen rsa I am greeted with a message telling me they're already enabled. If you look at the command after show run you will see what I mean. Any thoughts at all? Thanks

 

User Access Verification

 

Username: tom

Password:

 

swtich#en

swtich#conf t

Enter configuration commands, one per line. End with CNTL/Z.

swtich(config)#cry

swtich(config)#crypto k

swtich(config)#crypto key ge

swtich(config)#crypto key generate rsa

% You already have RSA keys defined named swtich.cisco .

% Do you really want to replace them? [yes/no]: n

swtich(config)#do sh run

Building configuration...

 

Current configuration : 1384 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname swtich

!

enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

!

!

!

ip ssh version 1

ip domain-name cisco

!

username tom privilege 15 password 0 cisco

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

switchport mode trunk

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan2

mac-address 0090.0c66.8101

ip address 10.1.2.1 255.255.255.0

!

ip default-gateway 10.1.2.254

!

!

!

!

line con 0

login local

!

 

swtich(config)#crypto key generate rsa

% You already have RSA keys defined named swtich.cisco .

% Do you really want to replace them? [yes/no]:

Are you getting the prompt? What is your error message?
You can add:
aaa new-model
aaa authentication login default local

This will configure default aaa authentication to be local, and under the lines just configure it as login.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi, I am not familiar with the AAA commands. The switch does not seem to recognise these commands in global config mode. I have set the vty lines to login local so would have thought that would be enough. I'm lost, really am. Starting to think it's a Packet Tracer glitch but could most likely be me missing one small detail.

Using login local needs only to have a username setup and that's the case on your side.
You're not answering my question: do you get the router prompt when you SSH to it?
You can run a debug ssh on your router, try to ssh to it and paste the debug output.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
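
The checks discussed in this thread (a local username for `login local`, vty lines that accept SSH, a domain name for the RSA key), as an added example that is not part of any post: a small Python audit over a saved IOS config. The sample config and its names (`lab-sw`, `labuser`) are constructed, and RSA key presence is not checked because the configs posted here do not show it.

```python
# Constructed sample config (not from the thread); vty 5 15 is weak on purpose.
SAMPLE = """\
hostname lab-sw
ip domain-name example.test
ip ssh version 1
username labuser privilege 15 password 0 labpass
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet
!
"""

def parse(config):
    """Split a config into global commands and per-'line' blocks ('!' ends a block)."""
    globals_, blocks, current = [], {}, None
    for cmd in map(str.strip, config.splitlines()):
        if cmd == "!":
            current = None
        elif cmd.startswith("line "):
            current = blocks.setdefault(cmd, [])
        elif cmd and current is not None:
            current.append(cmd)
        elif cmd:
            globals_.append(cmd)
    return globals_, blocks

def audit(config):
    """Return findings that block or weaken SSH access authenticated by 'login local'."""
    g, blocks = parse(config)
    users = [c.split() for c in g if c.startswith("username ")]
    findings = [] if users else ["no local username for 'login local' to check"]
    for p in users:
        if p[-3:-1] == ["password", "0"]:
            findings.append(f"username {p[1]}: cleartext (type 0) password")
    if not any(c.startswith("ip domain-name ") for c in g):
        findings.append("no ip domain-name: set one before generating RSA keys")
    if "ip ssh version 1" in g:
        findings.append("ip ssh version 1: SSHv1 is enabled")
    for head, body in [b for b in blocks.items() if b[0].startswith("line vty")]:
        if "login local" not in body:
            findings.append(f"{head}: not using 'login local'")
        inputs = [c.split()[2:] for c in body if c.startswith("transport input ")]
        if not any({"ssh", "all"} & set(i) for i in inputs):
            findings.append(f"{head}: 'transport input' does not permit ssh")
    return findings
```

The parser ends a `line` block at `!` rather than relying on indentation, so it also works on configs pasted without leading spaces or with blank lines between commands.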