12-27-2013 08:01 AM
Hi group,
I have a cisco 2800 series router that I'm trying to setup for ssh access. The router is outside of the firewall. I've consoled in and setup ssh access and setup routing for return traffic. When I open a putty session, i can connect and enter a username, but when I enter the password, the putty session closes. Here's a snippet of the config:
line con 0
exec-timeout 15 0
password 7 046253483875666A5D
login
line aux 0
line vty 0 4
login local
no exec
transport input ssh
transport output ssh
line vty 5 15
login local
transport input ssh
transport output ssh
!
Thanks for any help.
Chris
12-27-2013 08:43 AM
Chris
There is a potentially interesting issue here but not nearly enough information for us to be able to give you much help. The only conclusion I can draw from what you have posted is that the SSH sessions are coming in through vty 5 15 and not vty 0 4. But that does not explain the SSH behavior.
Since you have specified login local for the vty a good place to start would be with what users you have configured on the router and what parameters you have assigned to these users.
It might also be helpful to know what you have configured (or not configured) for aaa.
Since you are getting a login prompt it probably does indicate that SSH is correctly initiated, though the output of show ip ssh might be helpful. And the login prompt probably does indicate that it is not a routing issue.
HTH
Rick
12-27-2013 10:32 AM
Richard, I'm sure I had tried this before, but I removed the line vty configuration and all usernames, then reconfigured. Voila! It worked!
Thanks,
Chris
12-27-2013 10:56 AM
Chris
I am glad that you have solved your own problem. Thank you for posting back to the forum to tell us that it is fixed and what you did that had this result. We will not know exactly what the problem was, but we do know that when you removed it and re-configured it, something that had been out of sync with what you were doing to test became in sync. And the most important thing is that now SSH access is working.
HTH
Rick
08-30-2016 10:58 AM
All,
Funny thing, this exact problem happened to me. I had a 4331 router using AAA authenticating back to an ACS server. My SSH keys were correct; I even recreated the keys during troubleshooting. I was using ACLs to only allow certain subnets to ssh to the device and all of those were correct. I finally ended up using one of my Linux utility boxes to SSH into the router and the output would tell me that my SSH keys were incorrect and not to trust the device, but still let me log in. I finally found in my vty line config that "no exec" was set for lines 0-4. I removed that and everything started working. Here is my vty line config now.
line vty 0
session-timeout 10
access-class ACL_VTY in vrf-also
no activation-character
transport preferred ssh
transport input ssh
transport output telnet ssh
stopbits 1
line vty 1 4
session-timeout 10
access-class ACL_VTY in vrf-also
transport preferred ssh
transport input ssh
transport output telnet ssh
line vty 5 15
-Brad
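As an added example (not code from the thread or from Cisco), a small Python audit that parses the vty line blocks of an IOS running-config and flags any line that accepts SSH while carrying "no exec", the setting that bit both Chris and Brad: the user authenticates and the session is closed immediately. The sample config below is constructed to mirror the one posted at the top of the thread.

```python
import re

# Constructed sample modelled on the thread's config: vty 0 4 accepts SSH
# but carries "no exec", so the session is closed right after a valid login.
SAMPLE_CONFIG = """\
line vty 0 4
 login local
 no exec
 transport input ssh
 transport output ssh
line vty 5 15
 login local
 transport input ssh
 transport output ssh
!
"""

LINE_HDR = re.compile(r"^line (con|aux|tty|vty)\b")

def parse_line_blocks(config: str) -> dict[str, list[str]]:
    """Group 'line ...' sections into {header: [commands]}; accepts both
    indented show-run output and the flattened paste seen in the thread."""
    lines = config.splitlines()
    indented = any(l.startswith(" ") for l in lines)
    blocks: dict[str, list[str]] = {}
    current = None
    for raw in lines:
        text = raw.strip()
        if LINE_HDR.match(text):
            current = text
            blocks[current] = []
        elif text in ("", "!", "end") or (indented and not raw.startswith(" ")):
            current = None  # left the line section
        elif current is not None:
            blocks[current].append(text)
    return blocks

def vty_lines_without_exec(config: str) -> list[str]:
    """Return vty headers that accept SSH yet have 'no exec': users can
    authenticate on them and are then disconnected, as the thread describes."""
    findings = []
    for header, cmds in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        # only an explicit "transport input ssh" / "transport input all" counts
        accepts_ssh = any(c.startswith("transport input")
                          and {"ssh", "all"} & set(c.split()) for c in cmds)
        if accepts_ssh and "no exec" in cmds:
            findings.append(header)
    return findings
```

Running `vty_lines_without_exec` over a pasted running-config returns the offending `line vty` headers; removing `no exec` from them (as both posters did) clears the finding.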
09-20-2016 04:39 PM
I had kinda the same exact issue.... but my problem was this "no exec" command that was in the VTY.... that fixed it
09-20-2016 06:32 PM
I am glad to know that you got your issue figured out and resolved. Certainly the "no exec" under the vty has potential to create problems.
HTH
Rick
12-27-2013 10:57 AM
Interesting. Is it working even though vty 0 4 have "no exec"? What's your purpose of having that in the first place?
Earlier you may have had all the available lines exhausted. Removing the configurations of the lines vty 5 15 would have the effect of clearing those lines thus making them available once the vty lines were recreated.
12-27-2013 12:33 PM
Marvin, I think that's what the problem was. I have no idea how 'no exec' got in there and when i pasted that config into this thread, I thought..."Hmmm...". Seeing that pulled out of the rest of the config helped me to see things a little different. I was looking hard at access-lists!
12-27-2013 12:42 PM
Chris
It is too bad that we will never know for sure what the problem was. But I think that if the problem had been with access lists that you would never have gotten the login prompt.
Marvin's suggestion that all vty lines were exhausted is an interesting possibility. My guess is that what was configured as user password was (slightly) different from what you were entering when you were attempting to login.
HTH
Rick