Solved: ASR 1004 and persistent SSH

jmfranco · ‎06-21-2010

Hi.

Im trying to configure persistent SSH across management Interface in our new Cisco ASR 1004 platforms. Well, It seems to work fine, however when I try ssh to management interface:

1. TACACS+ authentication doesn´t work. Only local authentication (usernames configured in local) works with persistent SSH. Taking a view to ASR 1004 user guide, aaa is not supported over management interface configured for persistent SSH. Ok, it´s clear for me.

2. SSH session is stuck waiting for free TTY line, but only I´m trying to access to it ¿¿??. I only get into router emulation using persistent SSH, in diag mode pressing Ctrl+C or Ctrl+Shift+6, but you know in diag mode we won´t obtain full line vty capabilities. Anybody knows why don´t we obtain TTY line access using persistent SSH?

This is our config:

transport-map type persistent ssh sshmg
rsa keypair-name ASR_CBR4.elcorteingles.es
transport interface GigabitEthernet0
banner wait "*** WAITING FOR VTY LINE - CBR4***"
banner diagnostic "***DIAGNOSTIC MODE - CUBR4***"
connection wait allow interruptible

transport type persistent ssh input sshmg

B.R.

2.

Nicholas Carrieri · ‎09-21-2013

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/Console_Telnet_SSH_Handling.html#wp1057152

You MUST use local authentication to work with Persistant SSH.

View solution in original post

Nicholas Carrieri · ‎09-21-2013

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/Console_Telnet_SSH_Handling.html#wp1057152

You MUST use local authentication to work with Persistant SSH.

Richard Burts · ‎09-21-2013

Nick

I am delighted to see that you have begun to post in the CSC. Welcome Aboard.

HTH

Rick

HTH

Rick