Enabling SSH on a C8300 Router

John N
Level 1

I am trying to enable SSH on a C3800 router.  I did the following:

Cisco Catalyst 8300 and Catalyst 8200 Series Edge Platforms Software Configuration Guide - Using Cisco IOS XE Software [Cisco Catalyst 8300 Series Edge Platforms] - Cisco

Please see the output below... So when I SSH I am able to put in the username; when I enter the password I get the timeout error message and the session closes. I configured on line vty 0 1. Any ideas or assistance would be greatly appreciated.


Cisco_C
Nov 15 16:04:31.819: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by ******* on console
Cisco_C#show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,x509v3-rsa2048-sha256
Hostkey Algorithms:rsa-sha2-512,rsa-sha2-256,ssh-rsa
Encryption Algorithms:aes256-ctr,aes192-ctr,aes128-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512
KEX Algorithms:diffie-hellman-group14-sha1
Authentication timeout: 60 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1010930280
Modulus Size : 2048 bits
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFqoYY8tUZtp4AiV1AEJDzel5BRa0qZ+X7PXI9RALn
zUKZGT2iuKtV56lugJRzAFXkHzYmZwHxEfLp26c2kVVZL61XMOn1YbK6KI8zBdICn0twTFXzW3emhLRF
3mLND2yaFpfEZX+5vuXlyU51XCP/JV3Cp7NaXJ6DIo0YfOc9v3e6aMEG/1gtEvmWnxVwVDCosh1LGp07
A7kOwAKDQJsSd/ba5MRWD6/BERvdM8sdmnsqugtVQD4hZxHO3dUQyvHUx+APR2JGIm42WIqSDNPKgV0x
I3RasMuVvqLQQFnIoFXzFLb4iGEuiuDwTpCdfZGe8SaSq0AFgvhwZ0gwJ0k9
Cisco_C#show run | section line
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
no exec
transport output none
line vty 0 1
logging synchronous
transport input ssh
transport output none
line vty 2 4
no exec
transport input ssh
transport output none
line vty 5 15
no exec
transport input none
transport output none


Here is the log of me logging in via SSH and the subsequent errors....


Nov 15 15:28:47.231: %SYS-5-CONFIG_I: Configured from console by ****** on console
Cisco_C#
Nov 15 15:29:02.288: %SSH-5-SSH_COMPLIANCE_VIOLATION_HOSTK_ALGO: SSH Host-key Algorithm compliance violation detected.Kindly note that weaker Host-key Algorithm 'ssh-rsa' will be disabled by-default in the upcoming releases.Please configure more stronger Host-Key algorithms to avoid service impact.
Nov 15 15:29:02.386: %SSH-5-SSH2_SESSION: SSH2 Session request from xx.xx.x.x (tty = 1) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded
Cisco_C#
Nov 15 15:29:18.163: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: xxxxxx] [Source: xx.xx.x.x] [localport: 22] at 15:29:18 UTC Wed Nov 15 2023
Nov 15 15:29:18.163: %SSH-5-SSH2_USERAUTH: User 'xxxxxx' authentication for SSH2 Session from xx.xx.x.x (tty = 1) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded
Nov 15 15:29:18.163: %SSH-3-BAD_PACK_LEN: Bad packet length -554831608
Cisco_C#
Nov 15 15:29:18.163: %SSH-5-SSH2_CLOSE: SSH2 Session from xx.xx.x.x (tty = 1) for user '' using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' closed


Regards, 

J
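Added example, not part of the post or of any Cisco tooling: a small Python triage script that parses IOS syslog lines of the kind shown above and flags SSH sessions that authenticated and then closed within a few seconds, noting whether %SSH-3-BAD_PACK_LEN appeared in between. The source address (10.0.0.5) and username (alice) are constructed placeholders standing in for the masked values.

```python
import re
from datetime import datetime

# Constructed sample: the syslog lines from the post, with the masked
# source address and username replaced by placeholder values.
SAMPLE_LOG = """\
Nov 15 15:29:02.386: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.0.0.5 (tty = 1) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded
Nov 15 15:29:18.163: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: alice] [Source: 10.0.0.5] [localport: 22] at 15:29:18 UTC Wed Nov 15 2023
Nov 15 15:29:18.163: %SSH-5-SSH2_USERAUTH: User 'alice' authentication for SSH2 Session from 10.0.0.5 (tty = 1) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded
Nov 15 15:29:18.163: %SSH-3-BAD_PACK_LEN: Bad packet length -554831608
Nov 15 15:29:18.163: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.0.0.5 (tty = 1) for user '' using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' closed
"""

# "Nov 15 15:29:18.163: %SSH-5-SSH2_USERAUTH: <message>"  (IOS stamps carry no year)
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): %([A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)$")
SESSION_RE = re.compile(r"from (\S+) \(tty = (\d+)\)")
USER_RE = re.compile(r"User '([^']*)'")

def parse_line(line):
    """Return (timestamp, mnemonic, message) or None for non-syslog lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # No year in the stamp, so strptime defaults to 1900; only deltas are used.
    return datetime.strptime(m.group(1), "%b %d %H:%M:%S.%f"), m.group(2), m.group(3)

def find_short_lived_sessions(log_text, max_seconds=5.0):
    """Flag sessions whose SSH2_CLOSE follows a successful SSH2_USERAUTH for the
    same (source, tty) within max_seconds. BAD_PACK_LEN carries no tty, so it is
    tracked as 'seen since the last successful authentication'."""
    pending = {}            # (source, tty) -> (auth_time, user)
    bad_len_since_auth = False
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, mnemonic, msg = parsed
        if mnemonic == "SSH-3-BAD_PACK_LEN":
            bad_len_since_auth = True
            continue
        s = SESSION_RE.search(msg)
        if not s:
            continue
        key = (s.group(1), int(s.group(2)))
        if mnemonic == "SSH-5-SSH2_USERAUTH" and msg.endswith("Succeeded"):
            pending[key] = (ts, USER_RE.search(msg).group(1))
            bad_len_since_auth = False
        elif mnemonic == "SSH-5-SSH2_CLOSE" and key in pending:
            auth_ts, user = pending.pop(key)
            lifetime = (ts - auth_ts).total_seconds()
            if lifetime <= max_seconds:
                findings.append({"source": key[0], "tty": key[1], "user": user,
                                 "lifetime_s": lifetime, "bad_packet_len": bad_len_since_auth})
    return findings

if __name__ == "__main__":
    for finding in find_short_lived_sessions(SAMPLE_LOG):
        print(finding)
```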

15 Replies

I believe that the messages about cipher strength are a warning about something that might become a problem in a future release but do not relate to your current problem.

I find these messages from the output that you posted to be very interesting:

Nov 16 20:23:02.349: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: s] [Source: 56.xxx.x.x] [localport: 22] at 20:23:02 UTC Thu Nov 16 2023
Nov 16 20:23:02.349: %SSH-5-SSH2_USERAUTH: User 's' authentication for SSH2 Session from 56.xxx.x.x (tty = 0) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded

So the device believes that your connection attempt was successful. But you do not have access. Why might this be the case? I believe that the issue is this part of your config:

transport output none

I suggest removing this (perhaps transport output all) and telling us if the behavior changes.

HTH

Rick