08-20-2011 07:01 PM - edited 03-07-2019 01:48 AM
Can someone please tell the commands to setup SSH to a Catalyst 3560 switch? This will be to the private IP Address
Any help will be greatly appreciated.
Thanks,
Lake
Solved! Go to Solution.
08-20-2011 07:24 PM
Lake
See this document for details on configuring ssh -
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
basic steps -
configure hostname
configure domain name
configure username
create crypto key
enable vty lines for ssh
note that your image name must have a k9 in it as this is the image version that supports ssh.
switch# dir flash:
will show you the image name
Jon
08-21-2011 11:54 AM
Hi Lakeram,
SSH needs the K9 image in the switches. Please go ahead and download the K9 image of the c3560-ipbasek9.mz(exact version) from the Cisco software download page to enable SSH. You could easily upgrade to an IOS with Krypto Image as it doesn't need purchasing any license(Most of the times). It is only required when you upgrade from to a different feature set for example from IPBASE to IPSERVICES.
Thanks,
Ricky Micky
*Pls rate useful posts
08-21-2011 03:13 PM
Lake
You have downloaded the new IOS image but you are still running the old image ie. from your output -
System image file is "flash:c3560-ipbase-mz.122-25.SEE2/c3560-ipbase-mz.122-25.SEE2.bin"
so you need to tell the switch to boot the new image. Firstly you need to locate the new image ie. it will be in flash but if you notice from the above the actual .bin file is in a directory
directory = c3560-ipbase-mz.122-25.SEE2/
actual image file = c3560-ipbase-mz.122-25.SEE2.bin
if you do a "dir flash:" you will see the directory and in that directory is the actual image file.
It depends on how you loaded the new k9 image. If you loaded he whole directory then you need to use the directory/filename but if you just loaded the actual image file ie. the .bin file then you just use the image name.
To tell the switch which image to boot add this to your config -
boot system flash flash:c3560-ipbasek9-mz.122-25.SEE2/c3560-ipbasek9-mz.122-25.SEE2.bin
the above would be if the new image was in a directory. If it's just file then don't include the directory bit. Note be very careful when entering the above as it needs to match exactly.
One last point. There may already be a boot system flash command in your running config. If there is -
1) remove it with the "no boot system flash ......" command
2) then put the new one in and then add the old string after that separating with a semicolon eg.
boot system flash flash:c3560-ipbasek9-mz.122-25.SEE2/c3560-ipbasek9-mz.122-25.SEE2.bin;flash:c3560-ipbase-mz.122-25.SEE2/c3560-ipbase-mz.122-25.SEE2.bin
Jon
08-21-2011 08:13 PM
Lake,
The command is
crypto key generate rsaip ssh time-out 60Here is doc to that goes over the SSH installation and how to configure your PC for SSH access
ip ssh authentication-retries 2
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
HTH
Reza
08-21-2011 08:44 PM
line vty 0 15
transport input ssh or all...
I usually set to ssh only...
Cheers,
Fabio
08-21-2011 09:30 PM
if I were you I would do this
username xxx privilege 15 secret xxxxx
line vty 0 15
no password password
login local
Cheers,
Fabio
08-20-2011 07:24 PM
Lake
See this document for details on configuring ssh -
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
basic steps -
configure hostname
configure domain name
configure username
create crypto key
enable vty lines for ssh
note that your image name must have a k9 in it as this is the image version that supports ssh.
switch# dir flash:
will show you the image name
Jon
08-20-2011 07:27 PM
Hi Jon,
I will test and let you know.
Thanks,
Lake
08-21-2011 11:39 AM
Jon
When i enter the dir flash: It says c3560-ipbase-mz. How can i upgrade to k9?
Thanks,
Lake
08-21-2011 11:54 AM
Hi Lakeram,
SSH needs the K9 image in the switches. Please go ahead and download the K9 image of the c3560-ipbasek9.mz(exact version) from the Cisco software download page to enable SSH. You could easily upgrade to an IOS with Krypto Image as it doesn't need purchasing any license(Most of the times). It is only required when you upgrade from to a different feature set for example from IPBASE to IPSERVICES.
Thanks,
Ricky Micky
*Pls rate useful posts
08-21-2011 12:00 PM
I will do that.
Thanks,
Lake
08-21-2011 12:51 PM
08-21-2011 01:56 PM
Lake
Are you sure you are running the k9 image. Can you post a "sh ver" ?
Jon
08-21-2011 03:13 PM
Lake
You have downloaded the new IOS image but you are still running the old image ie. from your output -
System image file is "flash:c3560-ipbase-mz.122-25.SEE2/c3560-ipbase-mz.122-25.SEE2.bin"
so you need to tell the switch to boot the new image. Firstly you need to locate the new image ie. it will be in flash but if you notice from the above the actual .bin file is in a directory
directory = c3560-ipbase-mz.122-25.SEE2/
actual image file = c3560-ipbase-mz.122-25.SEE2.bin
if you do a "dir flash:" you will see the directory and in that directory is the actual image file.
It depends on how you loaded the new k9 image. If you loaded he whole directory then you need to use the directory/filename but if you just loaded the actual image file ie. the .bin file then you just use the image name.
To tell the switch which image to boot add this to your config -
boot system flash flash:c3560-ipbasek9-mz.122-25.SEE2/c3560-ipbasek9-mz.122-25.SEE2.bin
the above would be if the new image was in a directory. If it's just file then don't include the directory bit. Note be very careful when entering the above as it needs to match exactly.
One last point. There may already be a boot system flash command in your running config. If there is -
1) remove it with the "no boot system flash ......" command
2) then put the new one in and then add the old string after that separating with a semicolon eg.
boot system flash flash:c3560-ipbasek9-mz.122-25.SEE2/c3560-ipbasek9-mz.122-25.SEE2.bin;flash:c3560-ipbase-mz.122-25.SEE2/c3560-ipbase-mz.122-25.SEE2.bin
Jon
08-21-2011 07:32 PM
Jon
That worked
Thank you very much.
Regards,
Lake
08-21-2011 07:33 PM
Can you please tell me the full crypto key command?
Thanks,
Lake
08-21-2011 08:13 PM
Lake,
The command is
crypto key generate rsaip ssh time-out 60Here is doc to that goes over the SSH installation and how to configure your PC for SSH access
ip ssh authentication-retries 2
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
HTH
Reza
08-21-2011 08:38 PM
That worked.
what is the command to enable vty lines for ssh? Can someone please help me with this one more question?
Thanks,
Lake
08-21-2011 08:44 PM
line vty 0 15
transport input ssh or all...
I usually set to ssh only...
Cheers,
Fabio
08-21-2011 09:11 PM
That worked, but it does not like my password.
This is my command:
conf t
username admin password password
I even did:
line vty 0 15
password password
I don't know what is missing
Thanks,
Lake
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide