connecting to sf302-80p via ssh-prevent prompt for password

juleedev
Level 1

Hi there.

I'm wondering if anyone knows how to set up the switch so that when I'm connecting via SSH, the switch doesn't prompt for a username if I supply one in the initial connect request?

For example, we usually connect by typing something like the following at a command prompt:

ssh johndoe@10.10.10.10

Then the switch would prompt for a password.

I've tried this on the Cisco SF302 but it still prompts for a username, and then the password.

Thanks for reading this post!

8 Replies

jonatrod
Level 7

Good morning juleedev

Thanks for using our forum.

I am a Cisco network support engineer. In order to configure SSH on your switch, follow these steps:

  1. Create a user.

  2. Create a hostname.

  3. Create a domain-name.

  4. Configure the Crypto key rsa.

  5. Allow the input ssh in line vty configuration.

Then on your PC, open cmd and type this command:

ssh -l

You can also use another program instead of cmd: you can download and use "putty", which is a free and open source terminal emulator application that can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols and as a serial console client.

I hope you find this answer useful. If it was satisfactory for you, please mark the question as Answered.

Please rate helpful posts.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.

Hi there. Thanks for the response. I've been away for a little while, which is why I didn't respond sooner. In any case, one thing I forgot to mention is that we are trying to use a RADIUS server for authentication, so we are not using public keys.

Does that change the solution that you've posted above? As a test, I just tried connecting using

ssh -l

but it still prompts me for the username again.

I'm trying to figure out how to accomplish step 5 in your post, but in the meantime, I thought I'd ask about how / if RADIUS changes anything as far as your post is concerned.

Thanks.

Good morning

Hi juleedev, my name is Johnnatan and I am part of the Small Business Support community.

If you are using a RADIUS server, it will ask you for a user name when you log in to authenticate. By the way, I recommend you log in with putty.

http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=4&app=search&vw=1&articleid=1865

Thanks,

I hope you find this answer useful. If it was satisfactory for you, please mark the question as Answered and rate useful answers.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer.


Johnnatan,

Thanks for the response. 

But can you clarify your comment? Do you mean that since I am using a RADIUS server, I cannot avoid being prompted twice for the username?

As far as putty is concerned, I'm actually going to be connecting programmatically to the switch using phpseclib.

But I'm just trying to run some tests manually, and so I am using a terminal session.

Thanks.

Hi juleedev

You can try to disable the RADIUS server, then log in and see if your switch asks twice for the username again.

If this doesn't happen, you should check your server configuration.

If this happens, you can contact our technical support team:

https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Thanks,

I hope you find this answer useful. If it was satisfactory for you, please mark the question as Answered and rate useful answers.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer.


After doing some research, here's the solution to our problem. Others may have resolved it in a different way, but this seems to work for us.

What we noticed is the following:

1. Popular SSH libraries like phpseclib were failing on this switch because of the limited SSH implementation.

2. PHP's ssh2_auth_none function returns TRUE on this switch.

What does this mean?

It seems that the SSH protocol has an authentication method called "none". This is insecure, and is usually disabled on most switches. The ssh2_auth_none() function attempts to connect without any authentication and if it fails, it returns a list of the authentication methods that the server accepts. In the case of the SF300.. it DOES NOT FAIL and returns nothing for the authentication methods.

3. Known CLI and SSH Limitations

Although they weren't able to give us a solution, CISCO tech support did explicitly state that the small business class switches have a limited CLI and a pared-down version of SSH as well, so you cannot treat it as you would an enterprise-level switch that has a full-blown SSH implementation.

In case it helps, here's a little snippet of code that shows how to connect to these types of devices:

Hope this helps anyone who's attempting to connect to these types of devices programmatically.

Hi juleedev,

Thanks for replying with that answer; it will be very useful.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer.


aseques01
Level 1

Hi juleedev, I just found myself with the same problem. I read your solution, but found a better one.

You just need to enable password-auth in the console. I checked this value and it's already present in versions 1.3 (also available in versions 1.4.x):

ip ssh password-auth 
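
The "none" authentication exchange discussed in this thread, and the reply a server sends when it requires a password at the SSH layer instead, shown as an added example that is not code from any poster or from Cisco. It decodes the RFC 4252 userauth messages; the two reply payloads are constructed for illustration, not captured from a switch.

```python
# Decode SSH userauth replies (RFC 4252) to a "none" authentication probe.
import struct

# Message numbers from RFC 4252.
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def build_none_request(user: str) -> bytes:
    """Payload a client sends to request the 'none' method for a user."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(b"ssh-connection") + ssh_string(b"none"))


def classify_reply(payload: bytes) -> dict:
    """Classify the server's reply to a 'none' request."""
    msg = payload[0] if payload else None
    if msg == SSH_MSG_USERAUTH_SUCCESS:
        # No name-list follows: the SSH layer asked for no credentials.
        return {"none_accepted": True, "methods": []}
    if msg != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError(f"unexpected message type {msg}")
    if len(payload) < 5:
        raise ValueError("truncated name-list length")
    (length,) = struct.unpack(">I", payload[1:5])
    names = payload[5:5 + length]
    # After the name-list exactly one byte (partial success) must remain.
    if len(names) != length or len(payload) != 5 + length + 1:
        raise ValueError("malformed USERAUTH_FAILURE")
    methods = names.decode("ascii").split(",") if names else []
    return {"none_accepted": False, "methods": methods,
            "partial_success": payload[-1] != 0}


# Constructed sample replies (not captured from a real device).
REPLY_NONE_ACCEPTED = bytes([SSH_MSG_USERAUTH_SUCCESS])
REPLY_PASSWORD_REQUIRED = (bytes([SSH_MSG_USERAUTH_FAILURE])
                           + ssh_string(b"publickey,password") + b"\x00")

if __name__ == "__main__":
    print(build_none_request("johndoe").hex())
    for reply in (REPLY_NONE_ACCEPTED, REPLY_PASSWORD_REQUIRED):
        print(classify_reply(reply))
```

A `none_accepted` result matches what ssh2_auth_none() returning TRUE indicates: the SSH layer itself checks no credentials, so any username and password prompt happens inside the session. When auditing devices, treat that result as a finding and confirm that the in-session login is actually enforced.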