Network error:connection Refused

paulike12 · ‎07-29-2015

Dear all,

I configured ssh on my router and since the could not login using putty on my LAN or WAN. i was using telnet before i configured ssh.The error message is Network error:connection refused why I try to login.Can anyone help me figure out this error?

Mark Malone · ‎07-30-2015

You have no key enabled so ssh is disabled

%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).

To generate a key fo the below in conf t mode

crypto key generate rsa ------then hit return type 1024 and return again run --show ip ssh

it should be enabled then

kermiteburroughs · ‎09-29-2015

I know this is old, but, it is my exact issue. When I generate the key it says it does, but it appears not to. If I issue crypto key generate rsa modulus 2048 and then to sh ip ssh I get

Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).

Authentication methods:publickey,keyboard-interactive,password

Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa

Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa

Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

MAC Algorithms:hmac-sha1,hmac-sha1-96

Authentication timeout: 120 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 2048 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

I have tried zeroizing and reissuing the key, to no avail. I have a ticket open right now, but so far no love.

Thoughts?

Mark Malone · ‎09-29-2015

Do you get the same if you try do a 1024 key ?

whats does the show crypto key mypubkey rsa output show ?

when you try this crypto key zeroize rsa does it remove keys?

You have a domain-name/hostname and username set yes can block it as well if not in config

kermiteburroughs · ‎09-29-2015

Right now (prior to trying a 1024 key) I get a cisco_idevid_sudi keytype RSA Keys

another showing the proper device name + Domain with keytype RSA_keys - all general purpose

issued zeroize -

one key left which is the cisco idevid

generated keys with 1024 and have the same two keyst again.

I do have a domain name and host name. Also have a local user and pwd on the vty...along with acl, etc. But, it does include the network I'm coming from.

sh ip ssh still says to create a key.

Mark Malone · ‎09-30-2015

And does the ssh work when you try access the switch from putty can you log in by ssh does it show you as an ssh user with show ssh ?

It might be just a cosmetic bug if the actual ssh is still working

kermiteburroughs · ‎09-30-2015

SSH did not work at all.

TAC got it working for me, and it was very simple if correct. I would never have given you the proper info to get it fixed.

Apparently I created the key before I created the key-pair. He did it in the other order and it worked. Not sure I had ever paid attention to the order I was doing it in.

Thanks for reading!

Mark Malone · ‎10-01-2015

good to know :)