Re: SSH into Catalyst 2950-S

Senbonzakura · ‎01-01-2020

Greetings everyone, I'm running into a issue that for some reason I cannot get figured out.

I configured the switch to allow me to access it through SSH through one port. Everything is working, ping and all but whenever I type in the password through CMD it tells me Permission Denied then I try putty and get Access Denied. Any ideas on what is causing this to happen? I'm just experimenting right now with creating my own labs outside of GNS3 and Packet tracer, this will all work there but here in the lab, it will not work.

ssh -l binary 192.168.0.200

password: binary

Permission Denied

password:

hostname: switch1

enable secret root

ip domain-name domain.com

username binary secret binary

crypto key generate rsa

[512]:1024

ip ssh version 2

line vty 0 15

password binary

login local

transport input ssh

Georg Pauwen · ‎01-01-2020

Hello,

odd. I used your exact configuration and it works just fine. Where do you access the switch from ? I tested with accessing the switch from another switch through the default Vlan 1, with both switches connected through a trunk:

enable secret 5 $1$0HZf$VpPqcZ.CfiftaH65lGPgc0
!
username binary secret 5 $1$k/L5$4v1x6sBB9BbAZiHbFLyqQ.
!
ip domain-name domain.com
ip cef
!

interface GigabitEthernet0/0
description Trunk to switch2
switchport trunk encapsulation dot1q
switchport mode trunk
media-type rj45
negotiation auto

!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
ip ssh version 2
!
line vty 0 4
password binary
login local
transport input ssh
line vty 5 15
password binary
login local
transport input ssh

I would suggest to zeroize the RSA key, wr erase the entire configuration, reboot the switch, and start from scratch...

Senbonzakura · ‎01-01-2020

It's very odd, I turned my G1/0/20 port into an access port and made a VLAN 99 then named it MGT then assigned it 192.168.0.200 /24 then switched my NIC settings to the same as that port. Pinged the address and have communication but even with all those settings it just tells me permissions denied. It's very odd, I have tried doing the entire configuration from scratch and nothing works still.

I'll try switching it to a trunk and seeing if that will make the difference, it really shouldn't because it should honestly work as an access as well.

Senbonzakura · ‎01-01-2020

Even with the trunk, still nothing as well. I wiped the switch clean, restarted it and then reconfigured the switch. Still nothing is working as well. Not sure why it's not working for me.

Georg Pauwen · ‎01-01-2020

Hello,

as I understand it, you are trying to connect from a PC ? Did you try to disable the (Windows) firewall (assuming you have a Windows machine) ?

Senbonzakura · ‎01-01-2020

It is my windows computer, yes firewall disabled. Windows 10, I've tried it on my surface pro and my dell latitude computer and I get the issue with both. After 3 failed attempts it says at the end.

binary@192.168.0.200: Permission denied (publickey,password,keyboard-interactive).

Georg Pauwen · ‎01-01-2020

Hello,

in the example posted earlier, I used the (default) Vlan 1, what if you configure your switch the same way and give your PC an IP address in Vlan 1 (and use an access mode port) ?

Senbonzakura · ‎01-01-2020

I switched everything to that, and I tried using a few different ranges but now I'm getting this.

Also changed the modulus from 1024 to 2048, same thing as well.

when I try to connect while in the CLI on my other computer it shows.

SSH2 0: no matching cipher found: client chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes128-gcm@openssh.com,

Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

even after when I was using the 192.168.0.200 I got the same thing to.

pk21 · ‎01-03-2020

Hi Binary443,

Try the commands below:

line vty 0 15

no password binary

login local

That will probably fix your problem. If not then maybe there is a clue of what is going wrong in the logs of the 2950-s.

Peter