10-26-2007 03:44 PM - edited 03-03-2019 05:28 AM
How to configure ssh on cisco 4948-10GE switch? I have configured ssh on 6500 series but seems the commands are different for 4900 series.
I will give the rating to the person who provides me the answer!
Thanks,
Sameer
Solved! Go to Solution.
10-26-2007 05:13 PM
Sameer :
That means you do not have acrypto image. Does your image have a "K9" notation in the file name ?
thanks
Salman.
10-26-2007 04:17 PM
Please try the following procedure .
a) Configure hostname and domain-name, username and password.
config t
hostname 4948
ip domain-name test4948.com
username cisco passowrd cisco
b) ssh config below, enter the crypto command as I have. Other keys like 512 bits did not work for me.
4948#conf t
Enter configuration commands, one per line. End with CNTL/Z.
4948(config)#crypto key generate rsa modulus 1024
The name for the keys will be: 4948.test4948.com
% You already have RSA keys defined for sup2+.domain.com
% They will be replaced.
% The key modulus size is 1024 bits
Generating RSA keys ...
[OK]
4948(config)#end
line vty 0 4
exec-timeout 2880 0
login local
length 0
transport input ssh
c) Check the syslog if ssh is enabled:
4948#sh log
Feb 12 11:04:38.756 PST: %SSH-5-DISABLED: SSH 1.99 has been disabled
Feb 12 11:04:39.952 PST: %SSH-5-ENABLED: SSH 1.5 has been enabled
d) Check the following command on ssh
4948+#show ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
4948#
e) Try the client as seen below from UNIX:
f) The ssh v2 is running:
4948#sh ssh
Connection Version Mode Encryption Hmac State Username
0 2.0 IN 3des-cbc hmac-md5 Session started salman
0 2.0 OUT 3des-cbc hmac-md5 Session started salman
%No SSHv1 server connections running.
sup2+#
4948#sh crypto key mypubkey rsa
% Key pair was generated at: 11:04:39 PST Feb 12 2004
Key name: 4948.test4948.com
Usage: General Purpose Key
Key Data:
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00D12B00
6B0ABCA4 C617F523 42BC485F 171B4B1C AD86CC47 D95465DD 719FED4C B2B80504 B69D490A
7CE36E94 35476D56 CACB5490 DF519ED7 C42C86FF 9E853461 978925DC 467B7753 21A43499
705DEDFF AA916FA9 CB1BAAB6 167886F0 AC39AEA0 3ED21CE1 C43EDA76 D8D39612 A3F7D3D6
861FDFA3 231E9CAB 40BE7017 4EDF5EBC 47020301 0001
% Key pair was generated at: 11:04:40 PST Feb 12 2004
Key name: sup2+.domain.com
Usage: Encryption Key
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B779C6 383FFCAB
73EA5209 86BD5353 9C29B5C4 B2D78F97 24554CA9 A5DB866B 26688F35 9F3C7CBB
E90A1A96 B36BAA10 BBD86069 47A52551 7E8F10E2 639D8871 EBBD689B 5C29EB6E
A5C4F750 A5A33A8C CFC0078B CB6CBDEF A3163FBE 81E9D85C 35020301 0001
4948#
let me know if this works for you.
Thanks
Salman.
10-26-2007 04:49 PM
Hi Salman,
First of all Thanks for replying!!!
I have configured the 1st three steps:
hostname test-28-4k
ip domain-name test.com
username cisco password cisco
But, while giving the crypto commands... the switch is not accepting.
--------------------------------------------
test-28-4k(config)#crypto key ?
% Unrecognized command
test-28-4k(config)#crypto key generate rsa modulus 1024
^
% Invalid input detected at '^' marker.
--------------------------------------------
Seems to me that the 4900 doesn't support all the IOS for ssh. Can you please confirm, which IOS you are using and maybe I will try with the same one.
Thanks,
Sameer
10-26-2007 05:13 PM
Sameer :
That means you do not have acrypto image. Does your image have a "K9" notation in the file name ?
thanks
Salman.
10-27-2007 05:19 AM
You have to have a specific version of IOS that supports crypto code in order to run SSH . If you have acontract you can get it , if not then you have to get one to download the code or SSH may not be an option you can use.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide