Putty Fatal ERROR

AbelBurgos5029
Level 1

Hello everyone,

I have a switch stack of 3 Cisco 3900s that I recently performed password recovery on. Ever since I did the password recovery and rebooted them, I have not been able to connect to it via PuTTY. Every time I try, it says: "Fatal error: Connection refused."

No configuration changes were made and everything on the network is functioning.

Any ideas how to fix this?


balaji.bandi
Hall of Fame

Looks to me like some SSH config is missing here. To confirm:

Connect the console cable and post the output below.

show version

show ip ssh

show run | s line

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

The console connection is also not working. I didn't want to mix one topic with the other lol, but ever since I recovered the password, for some reason it doesn't allow me to try my username and password via the console port. It keeps giving me a message similar to: "authentication failed" and never allows me to input a username or password.

I am assuming that this issue has something to do with the fact that it is a 3-switch stack and they are not able to authenticate each other? But if that is the case, how come they are passing network traffic between them?

Sorry, I know it might be confusing.

OK, here are the steps you need to do:

1. Make sure you are consoling to the master switch (not the stack members).

If, after connecting to the master switch, you are still not able to log in from the console, then you need another password recovery process. Make sure you remember the username and password and test before you reload another one.

 

BB


Reza Sharifi
Hall of Fame

Hi,

Are you using SSH or Telnet? If the IOS does not support SSH try Telnet.

 

HTH

Mark Malone
VIP Alumni
Hi
Did the console port change to one of the other switches in the stack by any chance? Have you tried each one?

If it's not console and you're using SSH, check the show ip ssh and make sure the keys are still enabled; they may have been lost or corrupted.

Regenerate the keys:

crypto key generate rsa
HIT RETURN
type key length 2048 and hit return again

Then repeat show ip ssh; it should say enabled SSH 2.0 like below:

#sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa

Mark,

This is a good idea. I would not be surprised if the key got lost or corrupted. This process has been a pain because I have not had access to the configurations on the switch since I started the position. So in other words I have been guessing all the way....

Currently I don't have access through PuTTY nor through the console port. (See my other response for the error I am getting when I connect to the console port on any of the 3 switches.)

 

Thanks

For some reason the SSH got disabled after password recovery. All I had to do was to generate a new key and enable ssh.

 

Thanks

Cool, glad you got it sorted. At least with the new switches you don't need to regenerate keys; SSH is default in newer 9ks and always on.

Also, to prevent that happening again, deploy this. I have it on all my switches like 3ks, 4ks remotely, so if they ever reboot or are rebooted the key gets regenerated on router startup, so you know that's not the issue and the keys are good:

event manager applet EEM_SSH_Keygen
 event timer cron cron-entry "@reboot"
 action 0.0 info type routername
 action 0.1 set status "none"
 action 1.0 cli command "enable"
 action 2.0 cli command "show ip ssh | include ^SSH"
 action 2.1 regexp "([ED][^ ]+)" "$_cli_result" result status
 action 3.0 if $status eq "Disabled"
 action 3.1  cli command "configure terminal"
 action 3.2  cli command "crypto key generate rsa modulus 2048 label $_info_routername"
 action 3.3  cli command "end"
 action 3.4 end
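
The check the replies above rely on (`show ip ssh` should report "SSH Enabled - version 2.0"), run offline over saved `show ip ssh` captures from several switches. This is an added example, not part of the original thread or Cisco's own tooling; the host names and capture text in `SAMPLES` are constructed, and the function names are hypothetical.

```python
import re

# Status token the EEM applet's regexp captures, plus the version field.
STATUS_RE = re.compile(r"^SSH (Enabled|Disabled) - version (\d+\.\d+)", re.M)
HOSTKEY_RE = re.compile(r"^Hostkey Algorithms:(.*)$", re.M)

def parse_show_ip_ssh(text):
    """Extract status, version and host key algorithms from 'show ip ssh' output."""
    m = STATUS_RE.search(text)
    if not m:
        return {"status": "unknown", "version": None, "hostkeys": []}
    hk = HOSTKEY_RE.search(text)
    # strip() also drops the trailing \r left by CRLF terminal captures
    algs = [a.strip() for a in hk.group(1).split(",")] if hk else []
    return {"status": m.group(1), "version": m.group(2),
            "hostkeys": [a for a in algs if a]}

def findings(parsed):
    """Return a list of problems; an empty list means the device passes."""
    if parsed["status"] == "unknown":
        return ["no SSH status line in output"]
    if parsed["status"] == "Disabled":
        return ["SSH disabled: regenerate the RSA key (crypto key generate rsa)"]
    if parsed["version"] != "2.0":
        return [f"SSH enabled but version {parsed['version']}, expected 2.0"]
    return []

def audit(captures):
    """Map each host to its findings."""
    return {host: findings(parse_show_ip_ssh(text))
            for host, text in captures.items()}

# Constructed captures (not taken from a real device).
SAMPLES = {
    "sw-a": "#sh ip ssh\nSSH Enabled - version 2.0\n"
            "Authentication methods:publickey,keyboard-interactive,password\n"
            "Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa\n",
    "sw-b": "#sh ip ssh\r\nSSH Disabled - version 1.99\r\n",
    "sw-c": "#sh ip ssh\nSSH Enabled - version 1.99\n",
    "sw-d": "% Authentication failed\n",
}

if __name__ == "__main__":
    for host, problems in audit(SAMPLES).items():
        print(host, "OK" if not problems else "; ".join(problems))
```

A reported version of 1.99 means the switch still accepts SSH version 1 clients as well as version 2, which is why it is flagged rather than passed.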