cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14866
Views
0
Helpful
7
Replies

Network error:connection Refused

paulike12
Level 1
Level 1

Dear all,

I configured ssh on my router and since the could not login using putty on my LAN or WAN. i was using telnet before i configured ssh.The error message is Network error:connection refused why I try to login.Can anyone help me figure out this error?

 

 

7 Replies 7

Mark Malone
VIP Alumni
VIP Alumni

You have no key enabled so ssh is disabled

%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).

To generate a key fo the below in conf t mode

crypto key generate rsa ------then hit return type 1024 and return again run --show ip ssh

it should be enabled then

I know this is old, but, it is my exact issue. When I generate the key it says it does, but it appears not to. If I issue crypto key generate rsa modulus 2048 and then to sh ip ssh I get

Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
 
I have tried zeroizing and reissuing the key, to no avail. I have a ticket open right now, but so far no love.
Thoughts?

Do you get the same if you try do a 1024 key ?

whats does the show crypto key mypubkey rsa output show ?

when you try this crypto key zeroize rsa does it remove keys? 
 

You have a domain-name/hostname and username set yes can block it as well if not in config

Right now (prior to trying a 1024 key) I get a cisco_idevid_sudi keytype RSA Keys

another showing the proper device name + Domain with keytype RSA_keys - all general purpose

issued zeroize - 

one key left which is the cisco idevid

generated keys with 1024 and have the same two keyst again.

I do have a domain name and host name. Also have a local user and pwd on the vty...along with acl, etc. But, it does include the network I'm coming from. 

sh ip ssh still says to create a key.

And does the ssh work when you try access the switch from putty can you log in by ssh does it show you as an ssh user with show ssh ?

It might be just a cosmetic bug if the actual ssh is still working

SSH did not work at all. 

TAC got it working for me, and it was very simple if correct. I would never have given you the proper info to get it fixed. 

Apparently I created the key before I created the key-pair. He did it in the other order and it worked. Not sure I had ever paid attention to the order I was doing it in.

Thanks for reading!

good to know :)

Review Cisco Networking for a $25 gift card