Cisco SF300-24p SSH "port 22 Connection Refused" error

mads4972@boernenesfriskole.dk · ‎03-26-2018

I have recently purchased a Cisco SF300-24p for my work which is going to manage our VLANs and internet connections.

I have little to no experience with VLANs Trunks and network management and have in the meantime found several useful guides and lessons on Youtube, but they all use the CLI for managing and assigning ports to VLANs etc. And I would like to be able to do this as well.

I have been logged on to the Web interface of this switch's configuration and enabled SSH as a connectivity option. But SSH does not appear on the TCP/UPD Service list (as shown below) and I cannot connect through my bash terminal to SSH.

This is the error I get when I try to connect through SSH:

What am I missing here? It is set up to seem very simple, but yet I cannot seem to get management permissions through SSH and it I cannot immediately find any answers on forums that seems to apply to my situation.

Spooster IT Services · ‎03-26-2018

Hi,
Below is the procedure to enable SSH on Cisco SF300-24P
1. Access the switch using GUI.
2. Once you are logged in, expand Security in the left-hand menu, then click on TCP/UDP Services. On the right-hand pane, you’ll see the different TCP and UDP services you can enable for your Cisco switch.
Make sure you click the Apply button to save the changes.
After you Click the Apply button, you will see changes in TCP Services Table as Service Name as SSH, type as TCP, Local IP Address as All.
Note that this will only save the change to running config.

That’s all about you must do to enable basic SSH on your switch. So which user can log into the switch?
you can see the list of users by expanding Administration and then clicking on User Accounts.
User Level must be Read/Write Management Access.
You can add more users there.

Spooster IT Services Team

mads4972@boernenesfriskole.dk · ‎03-26-2018

These are the steps that I have already taken. If you look at the image above SSH is checked, but it does not appear in the TCP/UDP List as an option.

gs.skills · ‎03-26-2018

Hello,

I don't know about your configuration, but switches require the domain name and hostname to be set in order to be able to generate the rsa keys. And without keys, the ssh daemon will not start.

So, i suggest to verify that hostname and domain name are set and then disable/enable the ssh service.

Regards, Guillaume

mads4972@boernenesfriskole.dk · ‎03-26-2018

Now that's an answer I can use!
First: What is the domain? And what purpose does it serve?

gs.skills · ‎03-26-2018

The domain name could represent the realm under your administrative control: for example: 'mynetwork'

It seems you cannot set the domain name from the webui, so i guess there are already factory generated keys for ssh.

I would go for Spootser request: verify users or maybe create a new user with the right rights

Spooster IT Services · ‎03-27-2018

Hello,

I suggest you to enable Telnet for testing purpose. After Enabling Telnet check that changes reflect in the TCP Services Table as Service Name as Telnet and able to telnet the Switch. Then you can check the running configuration regarding SSH.

You can also check the Firmware version of Switch, it should be latest.

Below Link will help you more regarding SSH.

https://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=46861924d95a4461885b2137267df6d7_ssh_server_authentication_on_the_300_series_managed_switches.xml&pid=2&converted=0

Spooster IT Services Team