cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


2125
Views
4
Helpful
8
Replies
Highlighted
Beginner

connecting to sf302-80p via ssh-prevent prompt for password

Hi there.

I'm wondering if anyone knows to set up the switch so that when I'm connecting via SSH, the switch doesn't prompt for a username if I supply one in the initial connect request?

For example, we usually connect by typing something like the following at a command prompt:

ssh johndoe@10.10.10.10

Then the switch would prompt for a password.

I've tried this on the Cisco SF302 but it still prompts for a username, and then the password.

Thanks for reading this post!

8 REPLIES 8
Highlighted
Rising star

Good morning juleedev

Thanks for using our forum.

I am a Cisco network support engineer, in order to configure ssh in your switch follow this steps:

  1. Create a user.

  2. Create a hostname.

  3. Create a domain-name.

  4. Configure the Crypto key rsa.

  5. Allow the input ssh in line vty configuration.

Then in your pc, use this cmd and type this command,

ssh -l

Also you can use other program instead of cmd, you can download and use '' putty '' is a free and open source terminal emulator application which can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols and as a serial console client.

I hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.

Please rate helpful posts.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.
Highlighted

Hi there. Thanks for the response. I've been away for a little while which is why I didn't respond sooner.   In any case, one thing I forgot to mention is that we are trying to use a radius server for authentication.  so we are not using public keys.

Does that change the solution that you've posted above?  As a test, i just tried connecting using

ssh -l

but it still prompts me for the username again.

I'm trying to figure out how to accomplish step 5 in your post, but in the mean time, I thought I'd ask about how / if radius changes anything as far as your post is concerned.

thanks.  

Highlighted

Good morning

Hi juleedev,  my name is Johnnatan and I am part of the Small business Support community.

If you are using a radius server, this one will ask you for a user name when you log in to authenticate, by the way I recommend you log  with putty.

http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=4&app=search&vw=1&articleid=1865

Thanks,

I hope you find this answer useful,if it was satisfactory  for you, please mark the question as Answered and rate useful answer.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer.

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.
Highlighted

Johnnatan,

Thanks for the response. 

But can you clarify your comment?  Do you mean that since I  am using a radius server, I cannot avoid being prompted twice for the  username?

As far as putty is concerned, I'm actually going to be connecting programmatically to the switch using phpseclib.

But I'm just trying to run some tests manually, and so I am using a terminal session.

Thanks.

Highlighted

Hi juleedev

You can try to disable the RADIUS server, then log-in and see if your switch ask twice for the username again,

if this doesn´t happens you should check your server configurations

If this happens you can contact our technical support team

https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Thanks,

I hope you find this answer useful,if it was satisfactory  for you, please mark the question as Answered and rate useful answer.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer.

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.
Highlighted

After doing some research, here's the solution to our problem.  Others may have resolved in a different way, but this seems to work for us.

What we noticed is the following:

1.  popular ssh libraries like phpseclib were failing on this switch because of the limited ssh implementation.

2.  php's ssh2_auth_none function returns TRUE on this switch. 

What does this mean? 

It seems that the ssh protocol has an authentication method called  "none". This is insecure, and is usually disabled on most switches. The ssh2_auth_none() function attempts to connect without any authentication and if it fails, it returns a list of the authentication methods that the server accepts.  In the case of the SF300.. it DOES NOT FAIL and returns nothing for the authentication methods.

3. Known CLI and SSH Limitations

Although they weren't able to give us a solution, CISCO tech support did explicitly state that the small business class switches have a  limited CLI and a pared down version of SSH as well so you cannot treat  it as you an enterprise level switch that has a full blown ssh  implementation.

In case it helps, here's a little snippet of code that shows how to connect to these types of devices:

Hope this helps anyone who's attempting to connect to these types of devices programmatically.

Highlighted

Hi  juleedev,

Thanks for reply that answer, it will be very useful.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer.

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.
Highlighted
Beginner

Hi juleedev, I just found out myself on the same problem, I read your solution, but found out a better one.

You just need to enable password-auth in the console, I checked this value and it's already present on versions 1.3 (also available on versions 1.4.x)

ip ssh password-auth