06-02-2003 07:08 AM - edited 03-02-2019 07:48 AM
Hello,
I have configured an ssh access to my switch :
"""""""""""""""
cry key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
""""""""""""""
And I try to connect with a linux (Redhat 8.0):
"""""""""""""""""""""""""""""""""""""""""""""""""
[root@Fredux root]# ssh swsr232 -l admin
admin@swsr232's password:
Permission denied, please try again.
admin@swsr232's password:
"""""""""""""""""""""""""""""""""""""""""""""""""
That doesn't work.
I watch the log on the switch :
"""""""""
000164: Jun 2 17:11:35: SSH1: starting SSH control process
000165: Jun 2 17:11:35: SSH1: sent protocol version id SSH-1.5-Cisco-1.25
000166: Jun 2 17:11:35: SSH1: protocol version id is - SSH-1.5-OpenSSH_3.4p1
000167: Jun 2 17:11:35: SSH1: SSH_SMSG_PUBLIC_KEY msg
000168: Jun 2 17:11:35: SSH1: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
000169: Jun 2 17:11:35: SSH: RSA decrypt started
000170: Jun 2 17:11:35: SSH: RSA decrypt finished
000171: Jun 2 17:11:35: SSH: RSA decrypt started
000172: Jun 2 17:11:35: SSH: RSA decrypt finished
000173: Jun 2 17:11:35: SSH1: sending encryption confirmation
000174: Jun 2 17:11:35: SSH1: keys exchanged and encryption on
000175: Jun 2 17:11:35: SSH1: SSH_CMSG_USER message received
000176: Jun 2 17:11:35: SSH1: authentication request for userid admin
000177: Jun 2 17:11:35: SSH1: invalid old access type configured - 0x01
000178: Jun 2 17:11:35: SSH1: SSH_SMSG_FAILURE message sent
000179: Jun 2 17:11:36: SSH1: SSH_SMSG_FAILURE message sent
000180: Jun 2 17:11:39: SSH1: SSH_SMSG_FAILURE message sent
000181: Jun 2 17:11:40: SSH1: authentication failed for admin (code=7)
000182: Jun 2 17:11:41: SSH1: Session disconnected - error 0x07
000183: Jun 2 17:11:50: %SYS-5-CONFIG_I: Configured from console by vty0 (172.25.12.48)
"""""""""
And I have created a user on the switch:
username admin password 0 test
So what is the problem...
Thanks in advance...
Guillaume RENARD
06-03-2003 12:00 AM
Hello !
I have the beginning of the solution...
"aaa new-model"
but I lose the old method to connect...
Please help.
Thanks
Guillaume
06-03-2003 12:37 AM
are you also using
aaa authentication login default local
in your config?
06-03-2003 12:46 AM
Hello,
Thanks for your answer but no because
""""""""""""""""""
SWSR232#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SWSR232(config)#aaa authentication login default local
^
% Invalid input detected at '^' marker.
""""""""""""""""""
So it doesn't work, any other idea ?
Guillaume
06-03-2003 01:09 AM
how about putting 'login local' in the vty config?
conf t
line vty 0 15
login local
06-03-2003 01:16 AM
If I do that, when I try to log in to my switch, I am asked to enter a username, and I don't have one...
What I want is simply to keep the actual method to connect by telnet
"""""""""
User Access Verification
Password:
SWSR232>
""""""""""
That is, just type a password, and permit SSH access. But how can I access the switch over SSH without a username, with just a password?
06-03-2003 01:59 AM
OK. So you want to enable SSH with usernames, but keep telnet without usernames.
Try configuring some lines that will answer to ssh, and some that will answer to telnet.
so line vty 0 4 will have transport input ssh
and line vty 5 10 will have transport input telnet
line vty 0 4 will have login default local
line vty 5 10 will have a password configured, and also login authentication nousername
and in your config
aaa authentication login nousername line
worth a shot...
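
The split described in the reply above, written out as one IOS configuration. This is an added example, not part of the original posts: it uses `login authentication default` on the SSH lines as the AAA form of the reply's "login default local", and `<LINE-PASSWORD>` is a placeholder.

```cisco
! Added example: the vty split from the reply above as IOS configuration.
! <LINE-PASSWORD> is a placeholder; the admin user is the one from the first post.
aaa new-model
!
! Default list: local usernames. It applies to every line that does not
! name another list, the console included.
aaa authentication login default local
! Named list from the reply: authenticate with the line password only.
aaa authentication login nousername line
!
username admin password 0 test
!
! vty 0-4: SSH only, username and password checked against the local database.
line vty 0 4
 transport input ssh
 login authentication default
!
! vty 5-10: Telnet only, line password without a username.
line vty 5 10
 transport input telnet
 password <LINE-PASSWORD>
 login authentication nousername
```
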
06-03-2003 02:04 AM
It is exactly what I want!
But what is the difference between the different vty?
And how can I know where I connect? Thanks for your help