02-22-2011 05:19 AM - edited 03-06-2019 03:41 PM
Hi friend,
I have an issue with SSH on a 3750 switch. I get the following error message while logging in.
*Mar 8 02:20:03.972: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.16.10 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
*Mar 8 02:20:06.975: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 192.168.16.10 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed.
I get an error message while connecting to the switch through PuTTY.
My switch IOS version is: c3750-ipbasek9-mz.122-50.SE1
Please check the configuration; I have enclosed it.
02-22-2011 05:33 AM
Hi,
Verify PuTTY is not using a wrong user for SSH.
If not, then do a debug ip ssh and debug aaa authentication and post the output here.
Regards.
Alain.
02-22-2011 06:10 AM
Hi,
Have you configured an RSA key?
I think that is the problem.
Create an RSA encryption key pair for the router to use for authentication and encryption of the SSH data; below is the right command to enable RSA.
#crypto key generate rsa
Please rate the helpful posts.
Regards,
Naidu.
06-03-2016 04:40 AM
do a:
show run | begin line c
do you have a:
line vty 0 4
I had the same problem and I only had a
line vty 5 15
in my configuration so you can never login until there are 5 sessions already established. Just add the "line vty 0 4" to your configuration if this is the case, and configure it as required.
I hope this helps.
02-22-2011 10:34 AM
Hi Alain/Naidu,
Thanks for your reply,
I enabled the debug commands mentioned above, but I am not receiving any debug messages while connecting over the SSH protocol.
I received the following error message.
*Mar 8 02:20:03.972: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.16.10 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
*Mar 8 02:20:06.975: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 192.168.16.10 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed.
I had enabled crypto key generate rsa as 1024-bit.
I had tried to zeroize the crypto key and regenerate it; even so, it shows the same message.
Thanks in advance.
02-22-2011 11:38 AM
Does it work with telnet? The message indicates you have an authentication problem, not a transport problem.
Do you have AAA configured or local username and password?
02-22-2011 09:57 PM
Hi Ortiz,
Telnet is working fine, but I need SSH authentication.
I configured the same model; another switch is working fine with SSH.
I had tried to reconfigure the switch; even so, the problem is not rectified.
Thanks for your reply,
Saravanan
02-23-2011 12:53 AM
Hi,
Try adding ip domain-name
02-23-2011 05:13 AM
Hi John,
I have configured the domain, and I can use SSH ver 1 and log in to the switch.
If I enable SSH ver 2 and log in to the switch, it shows the following error and protocol error.
login as: admin
Using keyboard-interactive authentication.
Password:
Then it disconnects the connection.
The following logs were taken while using SSH ver 1.
Core-Sw(config)#do sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Core-Sw#sh ssh
%No SSHv1 server connections running.
Connection Version Mode Encryption  Hmac       State           Username
1          2.0     IN   aes256-cbc  hmac-sha1  Session started admin
1          2.0     OUT  aes256-cbc  hmac-sha1  Session started admin
I don't know why, with SSH ver 2 enabled, it does not log in.
thanks & regards,
Saravanan.
02-23-2011 11:17 AM
Hello
Can you increase the SSH time-out value ;-)
You've configured:
ip ssh time-out 3
Could you configure it to value 60?
ip ssh time-out 60
-------------
HTH
plz rate helpful posts
06-19-2012 08:04 AM
I am getting the same error with the Catalyst 3750X. I am running code 12.2(53r)SE2.
I used the same ssh and AAA configuration for the 3750X as I did on a 2960S. The 2960s ssh works with no issues.
Here are the things I have attempted on the 3750X to fix the issue.
1. Change the timeout
2. Set a proper domain name
3. Zeroize the RSA keys and reapply them
This is what I receive in the logs when I go to log in to the 3750X.
Jun 19 15:01:56.238: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.250.34.125 (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
Jun 19 15:02:01.254: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from X.X.X.X (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed
The only time I do not get this error is when I quickly enter my username and password. If I let it sit there for 5 seconds or more without entering a username and password, I get the above errors in the log. I also get the attached error message in PuTTY.
Any help is greatly appreciated!
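Added example (not part of any post in this thread): in the original poster's log the SSH2_SESSION and SSH2_USERAUTH lines are 3.003 s apart, which lines up with the `ip ssh time-out 3` quoted in an earlier reply, and the 3750X log above shows a 5.016 s gap. The Python sketch below pairs the two messages per tty and flags empty-username failures that fire at the configured timeout; the function name, the 0.5 s tolerance and the placeholder year are assumptions, and the 5 s value comes from the poster's observation rather than a quoted config.

```python
import re
from datetime import datetime

# Constructed sample: the two log pairs quoted in this thread.
SAMPLE_LOG = """\
*Mar 8 02:20:03.972: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.16.10 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
*Mar 8 02:20:06.975: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 192.168.16.10 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed.
Jun 19 15:01:56.238: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.250.34.125 (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
Jun 19 15:02:01.254: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from X.X.X.X (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed
"""

LINE_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): "
    r"%SSH-5-(?P<event>SSH2_SESSION|SSH2_USERAUTH): "
    r"(?:User '(?P<user>[^']*)' )?.*?\(tty = (?P<tty>\d+)\).*?"
    r"(?P<result>Succeeded|Failed)\.?\s*$"
)

def find_timeout_failures(log_text, ssh_timeout_s, tolerance_s=0.5):
    """Return [(tty, seconds)] for empty-user auth failures that occur
    ssh_timeout_s (+/- tolerance) after the session was negotiated."""
    session_start = {}  # tty -> time of the last successful SSH2_SESSION
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # IOS log lines carry no year; 2000 is an arbitrary placeholder.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
        tty = int(m["tty"])  # pair on tty: the source IP may be redacted
        if m["event"] == "SSH2_SESSION" and m["result"] == "Succeeded":
            session_start[tty] = ts
        elif m["event"] == "SSH2_USERAUTH" and m["result"] == "Failed":
            start = session_start.pop(tty, None)
            if start is None or m["user"] != "":
                continue  # a named user failing points at credentials/AAA
            delta = (ts - start).total_seconds()
            if abs(delta - ssh_timeout_s) <= tolerance_s:
                hits.append((tty, round(delta, 3)))
    return hits

if __name__ == "__main__":
    for timeout in (3, 5, 60):
        print(timeout, find_timeout_failures(SAMPLE_LOG, timeout))
```

A hit means the failure was logged with no username at the moment the negotiation timer expired, which is consistent with the login prompt timing out rather than with a rejected password.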
06-19-2012 12:53 PM
Tim
It sounds like you have an issue with timing relative to login. Can you post the config?
HTH
Rick
11-26-2012 08:42 AM
Did anyone find the solution eventually to this problem?
01-28-2014 02:28 AM
I had the same issue and I found the problem. Check your Memory:
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a0080c1e4c6.shtml
SSH Working:
--------------
ASR1#show memory summary
           Head          Total(b)    Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor  7FE150387010  1160982064  1146067400  14914664  14225352   13918620
lsmpi_io   7FE14FB7E1A8  6295128     6294304     824       824        412
SSH Not Working:
-------------------
ASR2#show memory summary
           Head          Total(b)    Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor  7FFB6ACB0010  1160982064  1120122056  40860008  29163912   24132068
lsmpi_io   7FFB6A4A71A8  6295128     6294304     824       824        412
If you do not want to proceed with the upgrade, there is a temporary solution:
aaa memory threshold authentication reject 2
aaa memory threshold accounting disable 1