cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2519
Views
0
Helpful
9
Replies

SSH error connection

opnineopnine
Level 1
Level 1

Hi all,

I have my switches / routers that I cant access via ssh, if I go via telnet I dont have any issue.

I created a new ip domain-name , a new rsa and still the same. I created a new rsa but still the same issue.

 

show ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

Thanks.

9 Replies 9

Mark Malone
VIP Alumni
VIP Alumni
Hi
create a v2 key
crypto key generate RSA
then hit return ,type yes if asks and then type 1024 and run the show ip ssh again please

also make sure ssh is allowed in vty port

ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface xxxx
ip ssh version 2
ip domain-name mark.com

line vty 0 4
transport input ssh

I would also suggest using at least a 2K bit key.

Hello,

 

Did that and still the same issue.

 

Thanks. 

what software version are you on ?
is there anything ssh related appearing in logs when you try to generate the key ?

Try erasing the key and then re-creating it.

Please post the output of show version. In particular we are looking to see if the image file you are running has k9 in the image name. If k9 is present then it is a crypto enabled image and we need to look for other reasons why SSH does not work. If k9 is not present then it is not a crypto enabled image and SSH will not work until you load a crypto enabled image.

 

HTH

 

Rick

HTH

Rick

Oh, I might add, I just recently completed a project to convert from telnet to SSH. (2,000+ Cisco devices.)

Had a couple of Cisco devices that wouldn't work until I erased and recreated the key. Just resetting the key on them didn't make a difference.

nixpengu1n
Level 1
Level 1

Hello,

 

In general you should issue this minimum of commands to make SSH work on a Cisco switch or router:

 

conf t

ip domain-name %DOMAIN_NAME%

enable secret 0 %SECRET_PASSWORD%

service password-encryption

aaa new-model

aaa authorization login default local

username %USERNAME% password %PASSWORD%

crypto key generate rsa general-keys modulus 2048

ip ssh version 2

line vty 0 15

transport input ssh

exit

exit

 

Bold items should be user-defined (so you define them, not just blindly copy and paste this config) :)

Hi,

try to do:

crypto key generate ras modulus 1024

Best regards

Review Cisco Networking for a $25 gift card