10-04-2012 07:23 AM
Hi there.
I'm wondering if anyone knows how to set up the switch so that when I'm connecting via SSH, the switch doesn't prompt for a username if I supply one in the initial connect request?
For example, we usually connect by typing something like the following at a command prompt:
ssh johndoe@10.10.10.10
Then the switch would prompt for a password.
I've tried this on the Cisco SF302 but it still prompts for a username, and then the password.
Thanks for reading this post!
10-11-2012 09:15 AM
Good morning juleedev
Thanks for using our forum.
I am a Cisco network support engineer. In order to configure SSH on your switch, follow these steps:
1. Create a user.
2. Create a hostname.
3. Create a domain-name.
4. Configure the Crypto key rsa.
5. Allow the input ssh in line vty configuration.
Then, on your PC, open cmd and type this command:
ssh -l
Also, you can use another program instead of cmd. You can download and use "putty", which is a free and open source terminal emulator application that can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols and as a serial console client.
I hope you find this answer useful, if it was satisfactory for you, please mark the question as Answered.
Please rate helpful posts.
Greetings,
Johnnatan Rodriguez Miranda.
Cisco network support engineer
10-29-2012 07:57 AM
Hi there. Thanks for the response. I've been away for a little while, which is why I didn't respond sooner. In any case, one thing I forgot to mention is that we are trying to use a radius server for authentication, so we are not using public keys.
Does that change the solution that you've posted above? As a test, I just tried connecting using
ssh -l
but it still prompts me for the username again.
I'm trying to figure out how to accomplish step 5 in your post, but in the meantime, I thought I'd ask about how / if radius changes anything as far as your post is concerned.
thanks.
10-29-2012 09:02 AM
Good morning
Hi juleedev, my name is Johnnatan and I am part of the Small business Support community.
If you are using a radius server, this one will ask you for a user name when you log in to authenticate. By the way, I recommend you log in with putty.
http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=4&app=search&vw=1&articleid=1865
Thanks,
I hope you find this answer useful. If it was satisfactory for you, please mark the question as Answered and rate useful answers.
Greetings,
Johnnatan Rodriguez Miranda.
Cisco network support engineer.
10-29-2012 12:17 PM
Johnnatan,
Thanks for the response.
But can you clarify your comment? Do you mean that since I am using a radius server, I cannot avoid being prompted twice for the username?
As far as putty is concerned, I'm actually going to be connecting programmatically to the switch using phpseclib.
But I'm just trying to run some tests manually, and so I am using a terminal session.
Thanks.
10-29-2012 12:32 PM
Hi juleedev
You can try to disable the RADIUS server, then log in and see if your switch asks twice for the username again.
If this doesn't happen, you should check your server configuration.
If this happens, you can contact our technical support team:
https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
Thanks,
I hope you find this answer useful. If it was satisfactory for you, please mark the question as Answered and rate useful answers.
Greetings,
Johnnatan Rodriguez Miranda.
Cisco network support engineer.
11-15-2012 06:52 AM
After doing some research, here's the solution to our problem. Others may have resolved in a different way, but this seems to work for us.
What we noticed is the following:
1. popular ssh libraries like phpseclib were failing on this switch because of the limited ssh implementation.
2. php's ssh2_auth_none function returns TRUE on this switch.
What does this mean?
It seems that the ssh protocol has an authentication method called "none". This is insecure, and is usually disabled on most switches. The ssh2_auth_none() function attempts to connect without any authentication and if it fails, it returns a list of the authentication methods that the server accepts. In the case of the SF300.. it DOES NOT FAIL and returns nothing for the authentication methods.
3. Known CLI and SSH Limitations
Although they weren't able to give us a solution, CISCO tech support did explicitly state that the small business class switches have a limited CLI and a pared down version of SSH as well, so you cannot treat it as you would an enterprise level switch that has a full blown ssh implementation.
In case it helps, here's a little snippet of code that shows how to connect to these types of devices:
Hope this helps anyone who's attempting to connect to these types of devices programmatically.
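The behaviour described in the post above, seen at the protocol level (an added example, not the poster's snippet and not phpseclib or PHP code): in RFC 4252 a client may request the "none" method, and the server normally answers with SSH_MSG_USERAUTH_FAILURE carrying the list of methods it accepts, which ssh2_auth_none() returns as an array, or with SSH_MSG_USERAUTH_SUCCESS, which it reports as TRUE. The function names are chosen for this illustration and the sample replies are constructed, not captured from a device.

```python
import struct

# Message numbers from RFC 4252 (SSH Authentication Protocol).
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52

def ssh_string(data: bytes) -> bytes:
    """SSH 'string' encoding: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def build_none_request(username: str) -> bytes:
    """Payload a client sends to try the 'none' method for `username`."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(username.encode("utf-8"))
            + ssh_string(b"ssh-connection")
            + ssh_string(b"none"))

def parse_none_reply(payload: bytes):
    """Return (accepted, methods) for the server's reply to a 'none' request."""
    if not payload:
        raise ValueError("empty payload")
    if payload[0] == SSH_MSG_USERAUTH_SUCCESS:
        return True, []                      # no method list is sent on success
    if payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("unexpected message type %d" % payload[0])
    if len(payload) < 5:
        raise ValueError("truncated name-list length")
    (length,) = struct.unpack(">I", payload[1:5])
    if len(payload) < 5 + length + 1:        # name-list plus partial-success byte
        raise ValueError("truncated name-list")
    names = payload[5:5 + length].decode("ascii")
    return False, (names.split(",") if names else [])

def audit_none_reply(payload: bytes) -> str:
    """One-line finding suitable for a device hardening report."""
    accepted, methods = parse_none_reply(payload)
    if accepted:
        return "FINDING: 'none' accepted; the SSH layer authenticates nobody"
    return "OK: 'none' refused; server offers " + ", ".join(methods)

# Constructed sample replies (not captured from a real device).
TYPICAL_REPLY = bytes([SSH_MSG_USERAUTH_FAILURE]) + ssh_string(b"publickey,password") + b"\x00"
SWITCH_LIKE_REPLY = bytes([SSH_MSG_USERAUTH_SUCCESS])

if __name__ == "__main__":
    for name, reply in (("typical", TYPICAL_REPLY), ("switch-like", SWITCH_LIKE_REPLY)):
        print(name, "->", audit_none_reply(reply))
```

When a server answers like the second sample, the username and password prompts the thread describes are issued inside the session rather than by the SSH authentication layer, which is why the username given on the ssh command line is asked for again.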
11-23-2012 07:27 AM
Hi juleedev,
Thanks for replying with that answer; it will be very useful.
Greetings,
Johnnatan Rodriguez Miranda.
Cisco network support engineer.
02-23-2016 04:21 AM
Hi juleedev, I just found myself with the same problem. I read your solution, but found a better one.
You just need to enable password-auth in the console, I checked this value and it's already present on versions 1.3 (also available on versions 1.4.x)
ip ssh password-auth