I am trying to configure two SG350XG swithes remotly via console access only.
Using the CLI, how can I enable SSH on the switches?
I tried "IP SSH server" but on the cli, when I hit ? it does not show SSH as being a command I can select?
normally it needs something like:
line vty 0 4
transport input ssh
! but by default telnet and ssh are already enabled
but you also need to set
- hostname: "hostname <name>"
- domain-name "ip domain xx.yy"
- create rsa keys "crypto key generate rsa modulus 2048"
To enable SSH you need to have generated RSA keys. And to generate RSA keys you need to specify a router name and domain name. The other thing to be careful about is the version of code that the switches are running and whether that code supports encryption, which is necessary for SSH. Please tell us the exact file name of the image that the switches are running. If the file name includes k9 in the name then it does support encryption. Without k9 in the name then the image does not support encryption and so will not be able to enable SSH.
thanks for that, i've added all the commads as suggested, rebooted, but I still get an error when typing ssh
% Unrecognized command
coming back to your first post, the device should accept the command "ip ssh server"
please post output of "show ip ssh" or maybe attach output of "show running-config"
The command guide specifies these to enable
ip ssh password-auth
ip ssh pubkey-auth [auto-login]
auto-login—Specifies that the device management AAA authentication (CLI login) is not needed. By default, the login is required after the SSH authentication
But you mention the "ssh" command is not accepted?
just to be sure you did configure an ip-adress on the system(s)?
and maybe this options need to be added, either on the command line or by configuration command
Specifies the password to use when logging in on the remote networking device running the SSH server. If the keyword is not specified, the password configured by the ip ssh-client password command is used. If this keyword is specified the the /user keyword must be specified too.
Specifies the source interface which minimal IPv4/v6 address will be used as the source IPv4/v6 address. If the keyword is not specified, the source IPv4/IPv6 address configured by the ip ssh-client source-interface command is used.
Specifies the user name to use when logging in on the remote networking device running the SSH server. If the keyword is not specified, the user name configured by the ip ssh-client username command is used. If this keyword is specified the /password keyword must be specified too.
im starting to tthink this is a bit buggy? I've managed to enable telnet using pretty much the same method, but from the switch Icannot SSH to another as the command is not there? telent works fine. I have another switch that has been configured by someone else and works and I cant see what the difference is in the config?
aaa authentication login authorization SSH local
aaa authentication enable authorization SSH enable
aaa authentication login authorization TELNET local
aaa authentication enable authorization TELNET enable
login authentication TELNET
enable authentication TELNET
login authentication SSH
enable authentication SSH
username XXX password encrypted XXX privilege 15
ip ssh server
ip domain name XXX
ip telnet server
Could you post the exact file name of the image running in both switches. Would like to verify that they are running exactly the same code.