Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2518
Views
0
Helpful
9
Replies

SSH error connection

opnineopnine
Level 1
Level 1

‎01-18-2018 04:48 AM - edited ‎03-08-2019 01:28 PM

Hi all,

I have my switches / routers that I cant access via ssh, if I go via telnet I dont have any issue.

I created a new ip domain-name , a new rsa and still the same. I created a new rsa but still the same issue.

 

show ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

Thanks.

1 person had this problem
Labels:
0 Helpful
9 Replies 9

Mark Malone
VIP Alumni
VIP Alumni

‎01-18-2018 05:00 AM

Hi
create a v2 key
crypto key generate RSA
then hit return ,type yes if asks and then type 1024 and run the show ip ssh again please

also make sure ssh is allowed in vty port

ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface xxxx
ip ssh version 2
ip domain-name mark.com

line vty 0 4
transport input ssh
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Mark Malone

‎01-18-2018 05:32 AM

I would also suggest using at least a 2K bit key.
0 Helpful

opnineopnine
Level 1
Level 1
In response to Mark Malone

‎01-18-2018 05:42 AM

Hello,

 

Did that and still the same issue.

 

Thanks. 

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to opnineopnine

‎01-18-2018 05:45 AM

what software version are you on ?
is there anything ssh related appearing in logs when you try to generate the key ?
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to opnineopnine

‎01-18-2018 05:46 AM

Try erasing the key and then re-creating it.
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Joseph W. Doherty

‎01-18-2018 07:15 AM

Please post the output of show version. In particular we are looking to see if the image file you are running has k9 in the image name. If k9 is present then it is a crypto enabled image and we need to look for other reasons why SSH does not work. If k9 is not present then it is not a crypto enabled image and SSH will not work until you load a crypto enabled image.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Joseph W. Doherty

‎01-18-2018 07:55 AM

Oh, I might add, I just recently completed a project to convert from telnet to SSH. (2,000+ Cisco devices.)

Had a couple of Cisco devices that wouldn't work until I erased and recreated the key. Just resetting the key on them didn't make a difference.
0 Helpful

nixpengu1n
Level 1
Level 1

‎01-18-2018 05:42 AM

Hello,

 

In general you should issue this minimum of commands to make SSH work on a Cisco switch or router:

 

conf t

ip domain-name %DOMAIN_NAME%

enable secret 0 %SECRET_PASSWORD%

service password-encryption

aaa new-model

aaa authorization login default local

username %USERNAME% password %PASSWORD%

crypto key generate rsa general-keys modulus 2048

ip ssh version 2

line vty 0 15

transport input ssh

exit

exit

 

Bold items should be user-defined (so you define them, not just blindly copy and paste this config) :)

0 Helpful

Jewgeni Uschegow
Level 1
Level 1

‎01-18-2018 12:33 PM

Hi,

try to do:

crypto key generate ras modulus 1024

Best regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card