01-06-2012 11:00 PM - edited 03-07-2019 04:12 AM
Hello,
We have a Cisco 2960 48-port tcl switch and I've enabled SSH on my switch, and now:
1) How can I log in to SSH? How should I create a username for SSH?
2) How can I disable Telnet?
3) How can I change the main (master) password?
Thanks,
01-06-2012 11:16 PM
Hi,
1) You will need to configure a non-default hostname and domain name and then create the RSA keypair that will be used by the SSH. Enter these commands in the global configuration mode:
hostname MyHostname
ip domain-name my.domain.com
crypto key generate rsa general-keys modulus 1024
line vty 0 15
login local
exit
username SomeUser secret HisPassword
The first two commands set up the hostname and domain name. The third command generates an RSA keypair. The fourth to sixth commands activate the user-based authentication for all remote accesses including Telnet and SSH (i.e. you will need to log in using both username and password, not just a password). The last command defines a new user. You may use it repeatedly to define multiple users or to redefine their passwords.
Please feel free to replace the MyHostname and my.domain.com with real hostname and domain name.
2) Enter the following commands in the global configuration mode after you have confirmed you are able to log in to the switch using SSH:
line vty 0 15
transport input ssh
end
3) There is no "master password" but if you are referring to the password requested after entering the enable command then this password can be set using the following global configuration command:
enable secret NewPasswordForPrivilegedMode
Best regards,
Peter
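Added example, not part of the post above and not Cisco tooling: a small Python check that reads a saved running-config and reports where the settings from this answer (`login local`, `transport input ssh`, `enable secret`, `username ... secret`) are missing. The sample config, the `legacy` user and the placeholder hashes are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (names and hashes are placeholders).
SAMPLE_CONFIG = """\
hostname MyHostname
ip domain-name my.domain.com
enable secret 5 <constructed-hash>
username SomeUser secret 5 <constructed-hash>
username legacy password 7 <constructed-value>
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def audit(config):
    """Return findings for the settings discussed in the thread."""
    findings, vty, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith(" "):              # sub-command of the current section
            if current is not None:
                vty[current].append(line.strip())
            continue
        m = re.match(r"line vty (\d+(?: \d+)?)$", line)
        current = m.group(1) if m else None   # any other top-level line ends the section
        if m:
            vty[current] = []
        u = re.match(r"username (\S+) password\b", line)
        if u:
            findings.append(f"user {u.group(1)}: uses 'password', not 'secret'")
    if not re.search(r"^enable secret\b", config, re.M):
        findings.append("no 'enable secret' configured")
    for rng, cmds in vty.items():
        if "login local" not in cmds:
            findings.append(f"vty {rng}: 'login local' missing")
        allowed = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not allowed:
            findings.append(f"vty {rng}: no 'transport input' line, platform default applies")
        elif allowed[-1] != ["ssh"]:
            findings.append(f"vty {rng}: transport input allows {' '.join(allowed[-1])}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A switch often splits its VTY lines into several ranges (for example 0 4 and 5 15), so each range is checked separately; a range left on Telnet is easy to miss when only the first one is reviewed.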
01-06-2012 11:38 PM
Thanks a lot.
01-06-2012 11:39 PM
Just a question: I entered
crypto key generate rsa and created a 512-bit key. Now if I re-enter crypto key generate rsa general-keys modulus 1024, the key will change to 1024, right? Without any problem?
Thanks,
01-07-2012 01:26 AM
Yes, Farshid. It will generate the new keys. But your active sessions may get killed.
Cheers,
-amit singh
01-07-2012 02:16 AM
If you need SSH make sure your IOS supports CRYPTO.
01-07-2012 04:26 AM
Dear friends,
Regarding the shorter RSA keypair of 512 bits, I recently answered another thread here where the original poster complained about being unable to start SSHv2 although he had generated a keypair of appropriate bit length. We eventually discovered that he originally created a short keypair and subsequently generated the new, longer keypair. The device therefore had two RSA keypairs created. However, SSH was still using the short keypair and therefore it refused to run in SSHv2 mode.
The easiest solution to this problem was to erase all RSA keypairs and then create a new single keypair that will be of proper length. This is also what I suggest doing: erasing all RSA keys and then generating a new keypair using these global config level commands:
crypto key zeroize rsa
crypto key generate rsa general-keys modulus 1024
Best regards,
Peter
01-07-2012 03:29 PM
crypto key zeroize rsa
Thanks Peter.
Learn something new every day.