01-12-2023 06:05 PM
Hi, I have a problem with an SSH connection, please help.
Below is our configuration for SSH, and the OS version is 15.2(7)E6.
The issue is that with the same username, console can log in but SSH can't.
I wonder if it's a software bug. Please advise. Thank you.
enable secret cisco
username cisco secret 9 Cisco
no aaa new-model
crypto pki trustpoint TP-self-signed-486627712
crypto pki certificate chain TP-self-signed-486627712
 certificate self-signed 01
line con 0
 exec-timeout 5 0
 login local
 stopbits 1
line vty 0 4
 access-class 1 in
 exec-timeout 5 0
 login local
 transport input ssh
line vty 5 15
 access-class 1 in
 exec-timeout 5 0
 login local
 transport input ssh
01-12-2023 08:11 PM
What is the error you are getting?
SSH config as below:
username XXXXXXXXXXXX privilege 15 secret 5 XXXXXXXXXXXXX
ip domain-name ZZZZZ.com
aaa new-model
ip ssh version 2 (you may need to run RSA key generation)
crypto key generate rsa (when it asks for the length I use 1024)
line vty 0 15 (or more VTY lines)
 privilege level 15 <-- if you like to go directly to # without enable
 transport input ssh
 access-class 1 in <--- (you have an ACL here, so make sure the source IP matches it to log in via SSH)
01-12-2023 08:21 PM
Thanks balaji.bandi, but we have already done all of that configuration.
The error is: when connecting with a console cable, login works normally with our username and password,
but when using SSH to connect, login fails,
in spite of using the same username and password.
So I wonder whether it is a software bug or something.
01-12-2023 08:36 PM
"but when use ssh to connect, login failed" - do you see that from the client side or the device console?
What log do you see on the console of the device when you try to connect from your PC using an SSH client?
"but already done all that configurations" - the original post does not show us that information, hence my suggestion of the config.
If you would like further assistance from us, post the show run output (full config) with passwords removed.
If you think it's a bug, then raise a TAC case.
01-13-2023 12:41 AM
I agree with @balaji.bandi that the issue might be with "access-class 1 in". We do not know what is in acl 1 and do not know what is the IP of the device you are attempting to ssh from so we can not be sure if this is the issue. I suggest that as a test you remove this line from the config and see if the behavior changes.
01-13-2023 12:52 AM
Thanks @Richard Burts, @balaji.bandi
There are no additional access-list settings in the config; it's just the result of a migration,
and we tested another switch with the same config, and SSH worked normally there.
So we decided to raise a TAC case.
Thx for your help!
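The replies above ask about two things the pasted config does not show: the contents of ACL 1 behind "access-class 1 in", and the global SSH commands from the suggested checklist. The following is an added example, not code from any poster in this thread: a small Python check (the function name audit_ssh_config is hypothetical) that reports those gaps for a pasted IOS config, run here on an excerpt of the configuration from the first post.

```python
import re

# Excerpt of the configuration posted in the thread (SSH-relevant lines only).
SAMPLE_CONFIG = """\
username cisco secret 9 Cisco
no aaa new-model
line con 0
 login local
line vty 0 4
 access-class 1 in
 login local
 transport input ssh
line vty 5 15
 access-class 1 in
 login local
 transport input ssh
"""

def audit_ssh_config(config):
    """List SSH prerequisites that the pasted config text does not show."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # Collect ACLs defined as "access-list N ..." or "ip access-list <type> NAME".
    defined = set()
    for l in lines:
        m = re.match(r"access-list (\S+)|ip access-list \S+ (\S+)", l)
        if m:
            defined.add(m.group(1) or m.group(2))
    # Global commands from the reply's checklist. The RSA key pair does not
    # appear in the config text, so it cannot be checked here.
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in lines):
        findings.append("global: no 'ip domain-name' shown")
    if not any(l.startswith("ip ssh version 2") for l in lines):
        findings.append("global: no 'ip ssh version 2' shown")
    # Sub-commands belong to the most recent "line ..." header.
    section = None
    for l in lines:
        if l.startswith("line "):
            section = l
        elif section and section.startswith("line vty"):
            m = re.match(r"access-class (\S+) in", l)
            if m and m.group(1) not in defined:
                findings.append(f"{section}: access-class {m.group(1)} has no ACL defined in this config")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print(finding)
```

A finding only means the item is absent from the pasted text; the full show run output requested in the thread is still needed to confirm the device's actual state.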