Solved: Re: Cannot SSH into C9500-48Y4C

ronjonjonjon1 · ‎04-01-2021

I am sitting at a PC outside my data center. I can SSH into the core switch no problem via putty. But, I cannot SSH into the access switch that is connected to this core switch. I can ping both the core and the access switch from the PC. I can also ping the access switch from the core switch.

The core switch is connected to the access switch via a trunk port which is connected to a port-channel. Both the trunk port and the port-channel are using the same native vlan, and both interfaces are up-up. I have verified that I configured 'crypto key gen rsa mod 2048' on switch, then 'ip ssh ver 2', then 'transport input ssh' on the line vty. I then 'sh ip ssh' and it says disabled. I am doing all the configurations via the GUI because it's in a basement and hard to get to.

What the heck is the issue?

ronjonjonjon1 · ‎04-02-2021

Hey Reza, it turns out I was running putty v .60 and I updated to v .72 and it worked thanks for your help!

View solution in original post

Reza Sharifi · ‎04-01-2021

I can SSH into the core switch no problem via putty. But, I cannot SSH into the access switch that is connected to this core switch.

Try adding an "ip default-gateway x.x.x.x" to the access switch. The gateway for that subnet is most likely the core switch.

HTH

ronjonjonjon1 · ‎04-01-2021

Thanks for the reply Reza. I have put 'ip default gateway' on the access-layer switch to the int vlan of the core switch which is on the same subnet of the int vlan on the access layer switch and it still doesn't work.

ronjonjonjon1 · ‎04-01-2021

Could there be an issue with what the source-interface is for SSH?

Reza Sharifi · ‎04-01-2021

Hi,

Can you ping the access switch IP from where you are sitting? If yes, network connectivity is good but you have possibly an SSH issue.

Can you post "sh run" and "sh ver" from the access switch?

Does the IOS support SSH?

HTH

ronjonjonjon1 · ‎04-01-2021

I can ping the access switch IP from where I am sitting. Yes it does take the SSH ver 2 command and says its enabled. I cannot post the sh run, b/c this is a government network, but the sh ver is: Cisco IOS XE Version 17.03.01. I also rebooted the switch and that didn't fix it.

Reza Sharifi · ‎04-01-2021

I cannot post the sh run, b/c this is a government network,

completely understand!

CAT3K_CAA-UNIVERSALK9-M

do you see a k9 in the version?

Also, can you post the commands you used to enable ssh?

HTH

ronjonjonjon1 · ‎04-02-2021

The 'sh ver' of this particular switch is Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.3.1, RELEASE SOFTWARE (fc5)

The commands I used were:

-crypto key gen rsa mod 2048 (because the switch said it required "2048" for ssh v2)

-ip ssh ver 2

-no aaa new-model

-line vty 0 15

-login local

-transport input ssh

-ip default-gateway <to core switch>

I will also say, I can currently administer this switch remotely via the 'ip http server' command.

Reza Sharifi · ‎04-02-2021

What is the output when you issue "sh ip ssh"/

You may want to remove the ssh config completely and redo it again and see if there is a change.

Also, you may want to add the first command below to your vty lines and test

line vty 0 15
transport preferred ssh
transport input ssh
transport output ssh

ronjonjonjon1 · ‎04-02-2021

'sh ip ssh' output:

SSH Enabled - Version 1.99

Authentication methods and all the other ones about 20 lines, I can't copy and paste from gov. network

towards the botton it's using ssh-rsa using the domain-name I configured.

Also added, 'transport output ssh' onto line vty's and still doesn't work. Putty window, "PuTTY Fatal Error: Server unexpectedly closed network connection"

ronjonjonjon1 · ‎04-02-2021

Hey Reza, it turns out I was running putty v .60 and I updated to v .72 and it worked thanks for your help!