
Unable to ssh to router

dcusher2006
Beginner

Hey all,

 

I have a router that I have configured ssh on with local aaa authentication enabled. I am prompted to log in, but the login is prompting access denied. Curious as to why this was happening, I enabled telnet to test as well. Using the same configuration and credentials I am able to connect via telnet fine. Only when I try entering the credentials in SSH do I get "access denied". Please see my relevant configuration below.

 

aaa new-model
!
aaa authentication login default local

!

ip domain name mirion.com

username cisco privilege 15 password cisco

!

ip ssh version 2

!

line vty 0 4
privilege level 15
transport input all
line vty 5 15
privilege level 15
transport input all

 

================================================================================================

 

output of sh version

 

Cisco IOS Software, 3800 Software (C3845-ADVENTERPRISEK9-M), Version 15.1(3)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Sun 27-Mar-11 09:27 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T10, RELEASE SOFTWARE (fc1)

Mirion_Router uptime is 30 weeks, 5 days, 1 hour, 16 minutes
System returned to ROM by power-on
System image file is "flash:c3845-adventerprisek9-mz.151-3.T1.bin"
Last reload type: Normal Reload


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 3845 (revision 1.0) with 1008640K/39936K bytes of memory.
Processor board ID FCZ130270P9
2 Gigabit Ethernet interfaces
1 Serial interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
500472K bytes of ATA System CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO3845-MB FOC124926TY

 

Configuration register is 0x2102

 

================================================================================================

 

Accepted Solutions

Hi,

 

Per the provided config, if still in place, there are two possible outcomes:

1. The router has a funky SSH bug. To isolate it, ssh to the router itself from a remote telnet session: connect via telnet and run "ssh -l cisco x.x.x.x", where x.x.x.x is an IP of the router. If it works, all is good on the router side; if not, reload and/or upgrade.

2. The SSH agent you're using either has specific cryptographic algorithm requirements which don't match what your Cisco device is using, or it does not meet the minimum requirements from the Cisco output; try using a different ssh client:

 

Minimum expected Diffie Hellman key size : 1024 bits

 

Regards,

Cristian Matei.
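
Added example, not part of the answer above: one way to check point 2 from the client side is to read the client's own debug output and see whether the session died during algorithm negotiation or at the login itself. It assumes an OpenSSH client run with `ssh -vv`; the log excerpts are constructed samples and `kex_lists` and `diagnose` are hypothetical helper names.

```python
import re

# Constructed `ssh -vv` excerpts (OpenSSH client message formats); not from the thread.
KEX_FAIL = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
Unable to negotiate with 192.0.2.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
"""
AUTH_FAIL = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: Authentications that can continue: password
Permission denied, please try again.
"""


def kex_lists(log):
    """Return (client, server) KEX lists; the client's proposal is logged first."""
    found = re.findall(r"^debug2: KEX algorithms: (\S+)", log, re.M)
    lists = [entry.split(",") for entry in found[:2]] + [[], []]
    return lists[0], lists[1]


def diagnose(log):
    """Classify where the session failed: negotiation, authentication or unknown."""
    client, server = kex_lists(log)
    result = {"stage": "unknown", "common_kex": [a for a in client if a in server]}
    mismatch = re.search(r"no matching (.+?) found\. Their offer: (\S+)", log)
    if mismatch:
        # The transport never came up, so no credentials were ever checked.
        result.update(stage="negotiation", what=mismatch.group(1),
                      server_offer=mismatch.group(2).split(","))
    elif re.search(r"^debug1: kex: algorithm: ", log, re.M) and "Permission denied" in log:
        # Key exchange completed; the rejection came from the login itself.
        result["stage"] = "authentication"
    return result


if __name__ == "__main__":
    for name, log in (("KEX_FAIL", KEX_FAIL), ("AUTH_FAIL", AUTH_FAIL)):
        print(name, diagnose(log))
```

A "negotiation" result points at the client's algorithm set; an "authentication" result means the algorithms matched and the rejection came after the credentials were sent.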


8 Replies

LaserNinja
Beginner