Solved: Yes, please read the "Correct

Nick C. · ‎06-14-2012

Hi,

I'm having trouble setting up SSH on my new Switch.

no aaa new-model

aaa authentication login default local

ip domain-name king.local

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2

line vty 0 4

transport input ssh

line vty 5 15

transport input ssh

Vlan 10 : 192.168.155.1

Vlan 200 : 192.168.251.1

Vlan 300 : 192.168.252.1

I would like to be able to use Vlan 10 192.168.155.1 for SSH remote management. What am I doing wrong? Thank!

n_schloemer · ‎06-14-2012

If you are trying to ssh direct to your laptop you need to make sure you have run the crypto to create the cert and also configure the ip default-gateway for the ip address of your laptop. Since the 2960's are only layer 2 the default gateway is necessary in the future if you ever want to manage this from a routed network. The fact that sshv1 or 2 is not running makes me lean toward the fact you haven't run

crypto key gen rsa

the create a 1024 key its a little more secure

Also, make sure you create a username

username admin priv 15 pass admin

I would use priv 15 just to make sure you alleviate any issues caused from using a differnent priv level.

** If crypto doesn't work, the license you have does not allow crypto and you will be forced to use telnet**

View solution in original post

Leo Laohoo · ‎06-14-2012

Can you please post the output to the command "sh version". Your could be running an IOS-level without Crypto support.

View solution in original post

Sandeep Choudhary · ‎06-14-2012

Hi ,

This version will also work:12.2(50)SE4.

try this.

enable secret 5 daddwedwqewqDSDS//&%
!
username xyz privilege 15 secret 5 §"$§"$R§R$RFRRF

no ip domain-lookup
ip domain-name xyzutz.com
crypto key generate rsa

ip ssh version 2

line con 0
exec-timeout 2 30
login local
line vty 0 4
login local
length 0
line vty 5 15
login local

I tried this in my switch 2960 with 122.50SE4 and it worked perfectly.

Regards

please rate if it helps.

View solution in original post

Jon Major · ‎06-15-2012

Nick,

Excuse me if this comes off as a silly question... but can you ping 192.168.155.1? I'm looking at the config you just posted and I see default-gateway of 10.1.2.25 (your machine as you said) and I see the vlan 10 interface with 192.168.155.1, but how does the switch know how to get to 10.1.2.25, it looks to have no possible route off the 192.168.155.1 network.

I would try giving your machine an IP of something in the 192.168.155.0/24 range (call it 192.168.155.100 for giggles) then make sure the port you're plugged into on that switch is configured for vlan 10.

Switch(config)# interface Fa0/15

Switch(config-if)# switchport access vlan 10

Sorry if I'm over simplifying the problem.

View solution in original post

Nick C. · ‎06-14-2012

I have debug ip ssh enabled, and when I try and SSH to 192.168.155.1 from Putty nothing shows up in the debug.

2960-S#show ssh

%No SSHv1 server connections running.

%No SSHv2 server connections running.

noelciscoman · ‎10-09-2014

I am having the same issue...any resolution?

Nick C. · ‎10-09-2014

Yes, please read the "Correct Answer" posts.

Make sure you can ping your device - My issue was related to bad IP addressing on interface, not so much SSH related.

-Nick Chenault

glen.grant · ‎06-14-2012

Where are you trying to SSH from ? Normally a 2960 is a L2 switch . You have to have a specific level of code and routing turned on in order to for it to route . If L3 routing is not on this box then verify your trunk to the L3 device is setup correctly and the correct vlans are allowed across the trunk . I believe you have to AAA new model enabled also , currently it shows "no aaa new model".

Nick C. · ‎06-14-2012

Currently this switch is not plugged into anything. I have a ethernet cord running from one of the ports to my laptop.

I enabled 'aaa new-model'. I just want to use vlan 10 for a management port. The vlan 200/300 are used for 2 diff subnets for devices that will be connected. I have tried both of the suggestions and still no luck.

2960-S#show ssh

%No SSHv1 server connections running.

%No SSHv2 server connections running.

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan10

ip address 192.168.155.1 255.255.255.0

no ip route-cache

!

interface Vlan200

ip address 192.168.251.1 255.255.255.0

no ip route-cache

!

interface Vlan300

ip address 192.168.252.1 255.255.255.0

no ip route-cache

n_schloemer · ‎06-14-2012

If you are trying to ssh direct to your laptop you need to make sure you have run the crypto to create the cert and also configure the ip default-gateway for the ip address of your laptop. Since the 2960's are only layer 2 the default gateway is necessary in the future if you ever want to manage this from a routed network. The fact that sshv1 or 2 is not running makes me lean toward the fact you haven't run

crypto key gen rsa

the create a 1024 key its a little more secure

Also, make sure you create a username

username admin priv 15 pass admin

I would use priv 15 just to make sure you alleviate any issues caused from using a differnent priv level.

** If crypto doesn't work, the license you have does not allow crypto and you will be forced to use telnet**

Leo Laohoo · ‎06-14-2012

Can you please post the output to the command "sh version". Your could be running an IOS-level without Crypto support.

glen.grant · ‎06-14-2012

I believe it has to be like 12.2.55 in order to route also .

Sandeep Choudhary · ‎06-14-2012

Hi ,

This version will also work:12.2(50)SE4.

try this.

enable secret 5 daddwedwqewqDSDS//&%
!
username xyz privilege 15 secret 5 §"$§"$R§R$RFRRF

no ip domain-lookup
ip domain-name xyzutz.com
crypto key generate rsa

ip ssh version 2

line con 0
exec-timeout 2 30
login local
line vty 0 4
login local
length 0
line vty 5 15
login local

I tried this in my switch 2960 with 122.50SE4 and it worked perfectly.

Regards

please rate if it helps.

Nick C. · ‎06-15-2012

Thank you ALL for your replies, I have tried everyones suggestions and configs but still no luck. I have attached my config so everyone can see exactly what im working with. I have zeroized my Crypto key and re enabled it using 1024 (which was already 1024 before zeroized).

Currently I'm connected with an ethernet cord from FA0/15 to my Laptop. I set the default gateway of the switch to 10.1.2.25 which is my IP address of the laptop. I'm trying to SSH to 192.168.155.1 with Putty.

Jon Major · ‎06-15-2012

Nick,

Excuse me if this comes off as a silly question... but can you ping 192.168.155.1? I'm looking at the config you just posted and I see default-gateway of 10.1.2.25 (your machine as you said) and I see the vlan 10 interface with 192.168.155.1, but how does the switch know how to get to 10.1.2.25, it looks to have no possible route off the 192.168.155.1 network.

I would try giving your machine an IP of something in the 192.168.155.0/24 range (call it 192.168.155.100 for giggles) then make sure the port you're plugged into on that switch is configured for vlan 10.

Switch(config)# interface Fa0/15

Switch(config-if)# switchport access vlan 10

Sorry if I'm over simplifying the problem.

Nick C. · ‎06-15-2012

SOLVED:

Went ahead and erased my config and started fresh. I believe the issue was that I didnt have the right Vlan assigned to the port I was connected to. Anyways, its working perfect now. Thanks for EVERYONES help. Have a good weekend!!!

n_schloemer · ‎06-16-2012

Great to here you got it working! Have a great rest of the weekend!

Cant SSH into my new Catalyst 2960 Switch.