C2960L-SM - ssh connection not possible

tokon
Level 1

Hi,

 

I have a C2960L-SM and noticed that I can't connect over ssh anymore. I get

ssh_exchange_identification: Connection closed by remote host

 

If I run show ip ssh it seems ssh is running:

SSH Enabled - version 1.99 ... and so on

 

What can I do? Especially with this smart managed switch, where I have only restricted access to the CLI?

 

best regards,

tokon

1 Accepted Solution

Accepted Solutions

tokon
Level 1

I have tested some things over the weekend:

- factory reset - ssh still not working

- downgrade to 15.2(7)E2 - ssh is working

 

So it's either a firmware bug or they have removed ssh with 15.2(7)E3 for this switch model.


23 Replies

balaji.bandi
Hall of Fame

What version of code is running? If you have only the ipbase image, this may not be available; it requires a k9 image for ssh to work.

 

Can you post the output below:

 

show version

show run | in ssh

show ssh

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


Mon Dec 14 2020 10:09:17 GMT+0100 (Mitteleuropäische Normalzeit)
===================================================================================
#show version
Cisco IOS Software, C2960L Software (C2960L-UNIVERSALK9-M), Version 15.2(7)E3, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Sun 06-Sep-20 11:19 by prod_rel_team

ROM: Bootstrap program is C2960L boot loader
BOOTLDR: C2960L Boot Loader (C2960L-HBOOT-M) Version 15.2(6r)E1, RELEASE SOFTWARE (fc1)

Switch uptime is 10 hours, 31 minutes
System returned to ROM by power-on
System restarted at 23:37:50 GMT Sun Dec 13 2020
System image file is "flash:c2960l-universalk9-mz.152-7.E3/c2960l-universalk9-mz.152-7.E3.bin"
Last reload reason: Reload command

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 28 WS-C2960L-SM-24PS 15.2(7)E3 C2960L-UNIVERSALK9-M


Configuration register is 0xF

Mon Dec 14 2020 10:12:35 GMT+0100 (Mitteleuropäische Normalzeit)
===================================================================================
#show run | in ssh

(no output)


Mon Dec 14 2020 10:13:05 GMT+0100 (Mitteleuropäische Normalzeit)
===================================================================================
#show ssh
%No SSHv2 server connections running.

I do not see SSH running, can you post:

 

#show license

BB


Command not possible on this switch.


Mon Dec 14 2020 10:51:22 GMT+0100 (Mitteleuropäische Normalzeit)
===================================================================================
#show license
Invalid input detected.

Something looks odd here... can you post show run?

BB


If I compare show run with an old config backup there is something missing.

After "crypto pki certificate chain TP-self-signed-958090880" the backup contains:
certificate self-signed 01
30820229 30820 ......

This part is missing now. A few months ago ssh was working; I think it broke with the last firmware update.

 


Mon Dec 14 2020 15:44:37 GMT+0100 (Mitteleuropäische Normalzeit)
===================================================================================
#show run
Building configuration...

Current configuration : 4171 bytes
!
! Last configuration change at 23:38:20 GMT Sun Dec 13 2020
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 9 xyz
!
username user privilege 15 secret 9 xyz
no aaa new-model
clock timezone GMT 1 0
clock summer-time GMT recurring
system mtu routing 1500
!
ip dhcp pool mgmt_pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
lease 0 0 1
!
!
ip igmp snooping vlan 2 mrouter learn cgmp
!
!
!
!
!
!
energywise domain cisco security shared-secret 0 cisco
!
crypto pki trustpoint TP-self-signed-958090880
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-958090880
revocation-check none
rsakeypair TP-self-signed-958090880
!
!
crypto pki certificate chain TP-self-signed-958090880
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Bluetooth0
no ip address
shutdown
!
interface GigabitEthernet0/1
description Esszimmer Gast LAN
switchport access vlan 2
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/2
description Esszimmer LAN
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/3
switchport mode access
!
interface GigabitEthernet0/4
description Buero AP
switchport trunk allowed vlan 1,2
switchport mode trunk
!
interface GigabitEthernet0/5
switchport mode access
!
interface GigabitEthernet0/6
switchport mode access
!
interface GigabitEthernet0/7
description Buero PC
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/8
description Buero Telefon
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/9
description Wohnzimmer Switch
switchport mode access
!
interface GigabitEthernet0/10
description Wohnzimmer AP
switchport trunk allowed vlan 1,2
switchport mode trunk
!
interface GigabitEthernet0/11
description Buero Drucker
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/12
description Buero Raspi
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/13
description Schlafzimmer ATV
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/14
description Schlafzimmer
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/15
description Keller
switchport mode access
!
interface GigabitEthernet0/16
description Gang
switchport mode access
!
interface GigabitEthernet0/17
description Kinderzimmer AP
switchport trunk allowed vlan 1,2
switchport mode trunk
!
interface GigabitEthernet0/18
description Keller Switch
switchport mode access
!
interface GigabitEthernet0/19
description USV
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/20
description TK Anlage
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/21
description NAS Synology
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/22
description NAS Qnap
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/23
description Fritzbox LAN1
switchport mode access
!
interface GigabitEthernet0/24
description Fritzbox LAN4 Gast
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
ip address 192.168.222.2 255.255.255.0
!
ip default-gateway 192.168.222.1
ip http server
ip http banner
ip http authentication local
ip http secure-server
ip scp server enable
!
!
!
!
line con 0
password xyz
line vty 0 4
privilege level 15
login local
transport input none
line vty 5 15
privilege level 15
login local
transport input none
!
ntp server 129.143.2.33 source Vlan1
ntp server 129.69.1.153 source Vlan1
ntp server 129.143.2.23 source Vlan1
end

Look under line vty 0 4 and line vty 5 15:
it says "transport input none" - meaning that it does not accept any incoming session to the device.
You need to go on the console, log in and then do this:
conf t
line vty 0 15
transport input ssh
end
wr mem

Then it should be possible to log in with ssh.

You could also do "transport input all"; then you can use telnet as well. And ensure the crypto keys exist, in case they should be missing.

I've seen sometimes that an upgrade of switches that had "transport input ssh" ends up with "transport input none" after the upgrade.
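As an added example (not code from the thread or from Cisco), a small Python audit that applies the two observations above to a running-config text: it flags each `line vty` block whose transport input is none or admits telnet, and a `crypto pki certificate chain` block with no certificate under it, which is what tokon's posted config shows. The sample config is a constructed, cut-down version of the posted one; the parser relies on the one-space indentation that real `show run` output has.

```python
# Constructed sample: a cut-down version of the posted running-config,
# keeping only the pki and vty sections that matter for the diagnosis.
SAMPLE_CONFIG = """\
crypto pki certificate chain TP-self-signed-958090880
!
line vty 0 4
 login local
 transport input none
line vty 5 15
 login local
 transport input none
!
end
"""


def parse_blocks(config):
    """Group config into (header, [subcommands]); '!' or a blank line ends a block."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
        elif raw.startswith(" "):          # IOS indents subcommands by one space
            if current is not None:
                current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks


def audit_ssh_access(config):
    """Return findings: vty lines that block or weaken remote login, empty cert chains."""
    findings = []
    for header, subs in parse_blocks(config):
        if header.startswith("line vty"):
            transports = [s for s in subs if s.startswith("transport input")]
            if not transports:
                continue  # no explicit setting; the platform default applies
            value = transports[-1].split(None, 2)[2]   # last one wins in IOS
            if value == "none":
                findings.append(f"{header}: transport input none (remote login blocked)")
            elif value == "all" or "telnet" in value.split():
                findings.append(f"{header}: transport input {value} (telnet allowed)")
        elif header.startswith("crypto pki certificate chain") and not subs:
            findings.append(f"{header}: certificate chain is empty")
    return findings
```

Run `audit_ssh_access` over the text of `show run`; an empty list means neither problem is present.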

Hello,

 

sounds like you only have limited access to the switch, but check if you can zeroize and regenerate the RSA keys, that sometimes helps:

 

crypto key zeroize rsa
crypto key generate rsa

This doesn't work with this smart managed switch.

But I can "Renew Certificate" over the web gui. It's maybe the same. I get two alerts "ssh disabled" and "ssh enabled", but ssh is still not working.

 

- Enable and/or use an ssh client which supports debugging; you may get extra info.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

On my MacBook with option -v:

 

OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to 192.168.222.2 [192.168.222.2] port 22.
debug1: Connection established.
debug1: identity file /Users/mylocaluser/.ssh/id_rsa type -1
debug1: identity file /Users/mylocaluser/.ssh/id_rsa-cert type -1
debug1: identity file /Users/mylocaluser/.ssh/id_dsa type -1
debug1: identity file /Users/mylocaluser/.ssh/id_dsa-cert type -1
debug1: identity file /Users/mylocaluser/.ssh/id_ecdsa type -1
debug1: identity file /Users/mylocaluser/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/mylocaluser/.ssh/id_ed25519 type -1
debug1: identity file /Users/mylocaluser/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/mylocaluser/.ssh/id_xmss type -1
debug1: identity file /Users/mylocaluser/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
kex_exchange_identification: Connection closed by remote host

 

Hm, the debugging capabilities seem somewhat limited; I'd advise debug-testing with PuTTY or the native ssh client on Linux. Yet it already seems to list somewhat which ciphers are being used -> you can get more info on that with:

% nmap --script ssh2-enum-algos switch

- Usually the problem is due to a mismatch between the ciphers available on the ssh client and on the ssh server.

 M. 




This is showing:

 

$ nmap --script ssh2-enum-algos 192.168.222.2

Starting Nmap 7.40 ( https://nmap.org ) at 2020-12-14 16:56 CET
Nmap scan report for 192.168.222.2
Host is up (0.060s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 9.68 seconds

 

>crypto key zeroize rsa
>crypto key generate rsa

You mentioned this did not work; can you describe why, and/or which errors are seen when using those commands?

 M.


