
WS-C4506-E ssh/enable password failure after upgrade.

Hello,

After upgrading the WS-C4506-E Cisco Catalyst 4500E Supervisor Engine 8-E from IOS version 03.03.02.XO to version 03.08.08.E, we cannot access the switch via SSH.

When we access it locally via the console, we run "show ip ssh" and find:

ssh disabled - version 1.99
Please create RSA keys to enable SSH


At this time we try to elevate privilege by using the enable password, and this fails as well.

Is there a known bug for these switches?

We have attempted 2 upgrades of 10 switches and this has happened to both 4506-E so far.

 

7 Replies

Jaderson Pessoa
VIP Alumni
Hello,

New versions have SSH version 1 disabled for security reasons, so if you have used SSH version 1 to access your device through vty, you will need to configure SSH version 2. In this case, you need to recreate the RSA keys.

1. Create username and password
2. Create RSA key: crypto key generate rsa 2048
3. ssh version 2
4. Apply methods on line vty's. (ssh)

Regards,
Jaderson Pessoa
*** Rate All Helpful Responses ***
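
The four steps listed in the reply above, written out as Cisco IOS configuration. This is an added example, not part of the original thread; it assumes privileged EXEC access from the console and no `aaa new-model`, and the username, secret and domain name are placeholders.

```cisco
! Constructed example: "admin", <strong-secret> and "example.com" are placeholders.
configure terminal
 ! Step 1: local account used for VTY logins
 username admin secret <strong-secret>
 ! Key generation needs a hostname and an IP domain name to be configured
 ip domain-name example.com
 ! Step 2: generate a 2048-bit RSA key pair
 crypto key generate rsa modulus 2048
 ! Step 3: accept SSH version 2 only
 ip ssh version 2
 ! Step 4: VTY lines authenticate against the local account and accept SSH only
 ! (repeat for any further VTY lines that are configured)
 line vty 0 4
  login local
  transport input ssh
 end
! Save the configuration so the keys and settings survive the next reload
copy running-config startup-config
! Confirm that the SSH server is enabled and that a key pair exists
show ip ssh
show crypto key mypubkey rsa
```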

Jaderson,

Yes that is correct,

1. I was able to SSH into the device to perform the upgrade prior to reload. (Now SSH v2 is disabled.)

2. The second part of my problem is that the enable password no longer works. (It worked to allow me in to upgrade in the first place.)

So obviously I cannot elevate privilege to run commands to turn SSH v2 back on, etc.

We are looking for verification of a known bug.

We will need to do a password recovery to get back into the 4506.  

Hello,

 

There are many procedures to recover the password; see the guides below:

Cisco guide:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/12043-pswdrec-6000.html

Using SNMP to recover the password: https://www.tek-tips.com/faqs.cfm?fid=705

Mark as helpful and solved all posts that helped you.

Regards,

Jaderson Pessoa
*** Rate All Helpful Responses ***

Thank You,

I am aware of password recovery procedures.

I am looking for a known bug that is causing my issues.

Leo Laohoo
Hall of Fame

The RSA keys have gone "zero".
Regenerating the RSA keys will get SSH back.

I don't think this is due to a bug with 3.8.X but I believe the bug is in 3.3.2.

Yes,

we understand that we have to regenerate the keys.

But part of the problem is that the enable password stopped working at the same time.

Here is the bug for 3.3.2:

https://quickview.cloudapps.cisco.com/quickview/bug/CSCuz72344

julian.bendix
Level 3

Hey!

It seems it lost the RSA key during reboot; that is why it was not possible to SSH into the box after the reboot.

For the issue with the enable password, I was searching for bugs which we could face for the platform and/or the software version.

I couldn't find anything.

Do you need any further assistance?

Best regards
Julian