12-15-2015 05:41 AM - edited 03-08-2019 03:06 AM
Hello
We have a problem regarding SSH authentication. We have many switches, for which we need to make a daily backup on a Red Hat server. We are using the SCP protocol between the devices and the server. We are facing many problems which we tried many times to solve but we couldn't. Hope we could get the solution from your side;
1. We cannot make a secure connection between the switches (Catalyst) and the server. We tried many times using SSH and we couldn't generate an RSA key.
2. About kron, we couldn't manage to enable it on the Catalyst switches; we tried many times but we couldn't. Could you help us make this configuration?
Sorry if my questions are silly
Best Regards & Thanks in advance
12-15-2015 07:47 AM
Hello,
The Cisco IOS image must be a k9 (crypto) image in order to support SSH.
For example c3750e-universalk9-tar.122-35.SE5.tar is a k9 (crypto) image.
-GI
12-16-2015 01:59 AM
Hello
This is the image which I have on the switch:
System image file is "flash:/c3560e-universalk9-mz.122-55.SE10.bin"
I guess it supports SSH
12-16-2015 02:26 AM
Once it's K9 it should support SSH.
Can you post the SSH config that's applied and a show ip ssh?
Also, what error do you get when you try to generate the RSA keys?
Have you run a debug on the switch for SSH and tried to connect?
12-16-2015 03:54 AM
First it's:
sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
The problem is that we couldn't generate the RSA key. We don't know how. We have tried that on Nexus and it did succeed, but with the Catalyst, we couldn't do so.
We wanna make a secure SCP path between the switches and the server, in order to let the backup proceed automatically every night.
12-16-2015 04:04 AM
Your keys are enabled or you wouldn't see 1.99; it's compatible with v1 and 2, but you need to go only v2 as 1 is insecure (only 512 keys). You should have generated v2 keys, which are 1024 or higher.
crypto key generate rsa ---- then hit return, type 1024 and hit return again
Then issue show ip ssh; it should say version 2.
**************************************************************
How to back up via SCP is a different thing; example:
ip scp server enable
aaa authorization exec default local
username xxxx privilege 15 secret xxxxxx
ip ssh pubkey-chain
username xxxx
key-string
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaPu6jj037
mszQajkRhaNXAd0MaZ7tXR2yKFd/ONZi7XMG3SgH258AddOi
mQJyVw5lwf4j6vuueSOplFWVvlD6Ooc02EM+LxzgtVSPnQs
jwtqjTJKo4e/aeiRbo5ZIy5D2OGuPOXUcXNXN1Pju3QCHhpv
2X1rqAV8Y2z4UKpCMIRWf/8Wb9jiluzQ5XCuumtqHy/3QwL
0+UTrYkVV2C8WwJuqjTrS4S8LR5R31wsMVLPgZ2lgk5UNMS
lacOHaCLg4QMuZs/9QevDAWfzcoqVea9z/Kk54/ysrQhWtn
k98ICzuAUC1i9lODnykZ4UlIm7242shJaJBnjSHFw3J Automation-on-ns
archive
path flash:mybackup
maximum 1
write-memory
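Added example (not part of any post in this thread, and not Cisco code): a Python check that reads the two outputs quoted above, the `show version` image line and `show ip ssh`, and flags a non-k9 image or an SSH server that still accepts version 1. The function names and sample strings are constructed for illustration; `audit_fleet` extends the check to many switches.

```python
import re

# Constructed sample input, modelled on the output quoted in the thread.
SAMPLE_SHOW_VERSION = 'System image file is "flash:/c3560e-universalk9-mz.122-55.SE10.bin"'
SAMPLE_SHOW_IP_SSH = """SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
"""

def audit_ssh(show_version, show_ip_ssh):
    """Return a list of findings for one switch; an empty list means nothing was flagged."""
    findings = []

    # 1. Only k9 (crypto) images include SSH support.
    image = re.search(r'System image file is "([^"]+)"', show_version)
    if not image:
        findings.append("image name not found in 'show version' output")
    elif "k9" not in image.group(1).lower():
        findings.append("non-crypto image %s: SSH not available" % image.group(1))

    # 2. State and protocol version reported by the SSH server.
    status = re.search(r"SSH (Enabled|Disabled) - version (\d+\.\d+)", show_ip_ssh)
    if not status:
        findings.append("no SSH status line in 'show ip ssh' output")
        return findings
    state, version = status.groups()
    if state == "Disabled":
        findings.append("SSH disabled: generate RSA keys first")
    if version == "1.99":
        # 1.99 means the server accepts both SSHv1 and SSHv2 clients.
        findings.append("version 1.99: SSHv1 still accepted, set 'ip ssh version 2'")
    elif version.startswith("1."):
        findings.append("version %s: SSHv1 only" % version)
    return findings

def audit_fleet(outputs):
    """outputs maps switch name -> (show version text, show ip ssh text).
    Returns only the switches that have findings."""
    report = {}
    for name, (version_text, ssh_text) in sorted(outputs.items()):
        findings = audit_ssh(version_text, ssh_text)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_SHOW_VERSION, SAMPLE_SHOW_IP_SSH):
        print(finding)
```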
12-16-2015 08:42 PM
Hello,
Yes, as stated by all, K9 images support SSH.
Generate the RSA key with the commands below:
crypto key generate rsa with 1024 length
Have a look at the link below:
SSH configuration on Cisco switches
Hope it Helps.
-GI
12-15-2015 08:25 AM
Have you checked if your switches support SSH?
Aus
12-16-2015 01:56 AM
Hello
This is the image which I have on the switch:
System image file is "flash:/c3560e-universalk9-mz.122-55.SE10.bin"
I guess it supports SSH