
ssh to switch refused

robertkwild
Spotlight

hi all,

When I try to SSH in to a switch I get a connection refused on port 22:

ssh robert@10.110.10.4
ssh: connect to host 10.110.10.4 port 22: Connection refused

thanks,

rob

8 Replies

Leo Laohoo
Hall of Fame

ACL

Blue_Bird
VIP

Hello robertkwild,

Issue the show ip ssh command to verify whether SSH is enabled or disabled. If it is enabled, check for transport input ssh under line vty mode.

Here is the sample configuration:

username admin password xxxxx
ip domain-name xyzcorp.com
crypto key generate rsa
ip ssh version 2
line vty 0 4
login local
transport input ssh

If you think the configuration is fine, check whether any ACL is blocking SSH: show ip access-list

Best regards
******* If This Helps, Please Rate *******

Don't use port 

If you are not successful:

show tcp brief  <<- share it here 

MHM

M02@rt37
VIP

Hello @robertkwild 

SSH access is managed through the vty lines, which are the virtual ports used for remote access. Ensure that the vty lines are properly configured to allow SSH as a transport protocol. If vty lines are not configured to allow SSH, you will not be able to establish an SSH session, even if SSH is enabled globally on the switch.

transport input ssh command under vty lines

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

rob

There are a number of things that could cause the symptoms you describe:

- It is possible that SSH is not enabled on that switch. The output of the command show ip ssh would clarify whether it is enabled or not (and could clarify if a particular version of SSH is needed).

- It is possible that the vty lines have been configured to restrict access. The output of the command show run | sec vty might clarify this.

- There are several other things that could impact your attempt with SSH, and the best thing would be for you to post the output of show run (with any sensitive information, such as public IP, passwords, etc., obscured).

HTH

Rick

Giuseppe Larosa
Hall of Fame

Hello @robertkwild ,

Depending on the ACL invoked under the line vty, you may not be authorized to log in from the source IP address of the device/PC you made your attempt from.

A common case is that the ACL allows SSH from one or a few management subnets, and, for example, this does not allow jumping from one switch to another because the source IP address will not be permitted by that ACL.

I don't know if this is your case or if you are using a Linux server.

Hope to help

Giuseppe

 

Deepak Kumar
VIP Alumni

Hi,

Everyone has suggested multiple steps and he should look into them; however, a summary checklist could be:

1) Run the "show ip ssh" command and look for two values: "ssh enabled" and version.

2) If SSH is not enabled, then try to enable it. There are multiple steps; let me know if you need them.

3) Check your line vty configuration: "show run | sec line vty". What is configured for transport input, and is it allowed? Also check for "access-group". Can you see any ACL configured there?

4) If there is an ACL, then check the ACL configuration; you should not block yourself by mistake in the ACL. You can share the show ip access-list output along with your laptop/desktop IP.

5) Do you have any firewall between you and your switch? Are you allowed to access SSH by firewall rules/ACLs?

There are a few more steps to check, but I think those are just the basics; share your output with us.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
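
Added example, not part of any reply in this thread: the vty checks from the checklist above (transport input and the ACL applied to the line) run offline against a saved running-config. The sample config, the client address 10.110.10.7 and all function names are constructed for illustration; it assumes a numbered standard ACL applied with access-class, with no log keyword.

```python
import ipaddress
import re

# Constructed sample of saved "show running-config" output (not from the thread).
SAMPLE_CONFIG = """\
access-list 10 permit 10.110.20.0 0.0.0.255
access-list 10 deny any
line vty 0 4
 access-class 10 in
 transport input telnet
"""

def parse_vty(config):
    """Collect transport input and inbound access-class for each 'line vty' block."""
    blocks, cur = [], None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("line vty"):
            cur = {"range": " ".join(words[2:]), "transport": None, "acl": None}
            blocks.append(cur)
        elif cur is not None and line.startswith(" ") and words:
            if words[:2] == ["transport", "input"]:
                cur["transport"] = words[2:]
            elif words[0] == "access-class" and words[-1] == "in":
                cur["acl"] = words[1]
        else:
            cur = None  # left the vty block
    return blocks

def acl_permits(config, acl, src):
    """First-match walk of a numbered standard ACL; None if the ACL is not found."""
    ip, seen = int(ipaddress.ip_address(src)), False
    for m in re.finditer(rf"^access-list {re.escape(acl)} (permit|deny) (.+)$", config, re.M):
        seen, spec = True, m.group(2).replace("host ", "").split()
        spec = ["0.0.0.0", "255.255.255.255"] if spec[0] == "any" else spec
        addr, wild = (int(ipaddress.ip_address(x)) for x in (spec + ["0.0.0.0"])[:2])
        if (ip | wild) == (addr | wild):  # wildcard bits are "don't care"
            return m.group(1) == "permit"
    return False if seen else None  # implicit deny at the end of an existing ACL

def ssh_findings(config, src):
    """List the reasons an SSH session from src would be refused on the vty lines."""
    out = []
    for vty in parse_vty(config):
        # No explicit transport input line: the default depends on the IOS version, so not flagged.
        if vty["transport"] is not None and not {"ssh", "all"} & set(vty["transport"]):
            out.append(f"line vty {vty['range']}: transport input excludes ssh")
        if vty["acl"] and acl_permits(config, vty["acl"], src) is False:
            out.append(f"line vty {vty['range']}: access-class {vty['acl']} does not permit {src}")
    return out
```

Calling ssh_findings(SAMPLE_CONFIG, "10.110.10.7") reports both the telnet-only transport and the ACL that only permits 10.110.20.0/24.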

robertkwild
Spotlight

Thanks for all the advice. I think it's the ACL list now you guys have jogged my memory; I'll try next time I can console in the switch.