Solved: Hello

bhoopendra.vishwakarma1 · ‎06-07-2016

Hi Team,

I'm looking for some help, please..

I've deployed a new switch (cisco WS-C3850-48T) with minimal configuration, like an ip address on mgmt interface and vty with trasport input/output as ssh only. I've create a local login say cisco/cisco and enable is cisco.

I'm able to ping the device over the mgmt path and i could a login prompt on putty but it kicks out the session saying Authentication Failure.

Please advise.

Regards

Bhopendra

paul driver · ‎06-07-2016

Hello

Show ip ssh

ip ssh version 2
crypto key generate rsa general-keys modulus 2048
username cisco privilege 15 password cisco

line vty 0 15
transport input ssh
privilege level 15
login local

This should work for you depending you have the correct ios to support SSH

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

stealthey · ‎06-07-2016

At the minimum this will work

conf t
hostname c2960
!
enable secret cisco
!
!
ip domain-name c2960.local
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
username cisco privilege 15 password cisco
aaa new-model
aaa authentication login default local

View solution in original post

johnlloyd_13 · ‎06-07-2016

hi,

did you issue a crypto key generate rsa general-keys modulus 2048 command?

please post a sanitized config.

bhoopendra.vishwakarma1 · ‎06-07-2016

Hello John,

Thank you for your assistance,

Please find the configuration below :

************************* Host name and local login configuraton ************************************
hostname EUACP-SWT1-DR
!
!
username cisco privilege 15 password cisco
enable passowrd level 15 cisco
service password-encryption
!
!

************************* Management Interface and IP address configuration *************************

interface GigabitEthernet0/0
ip address 192.168.182.124 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp

ip default-gateway 192.168.182.121

************************* Console and VTY Configuration : *************

line con 0
session-timeout 5
logging synchronous
login authentication CONSOLE
transport output ssh
line vty 0 4
session-timeout 5
logging synchronous
transport input ssh
transport output ssh
line vty 5 15
session-timeout 5
logging synchronous
transport input ssh
transport output ssh
!

***************************************************************

Yes, i tried generating the crypto, we have used the below command,

crypto key generate rsa general-keys mod 1024

johnlloyd_13 · ‎06-07-2016

hi,

can add below and try again?

line vty 0 15

login local

bhoopendra.vishwakarma1 · ‎06-07-2016

hi John,

Than you, i'll add the above command and try however, how local login would help? i mean i could see the login prompt on putty, please advise

johnlloyd_13 · ‎06-07-2016

hi,

you'll need this line in order to authenticate/SSH to the switch using the created local user database (cisco/cisco).

i'm also puzzled how you're able to see the login prompt even without this line. give it a try first and see if it work.

bhoopendra.vishwakarma1 · ‎06-07-2016

Hi John,

Thank you, i tried adding the additional command but i'm still getting the same response/error.

You can upload the above configuration in GNS3, i'm able to reproduce the same error message...

johnlloyd_13 · ‎06-07-2016

could you post a show version?

bhoopendra.vishwakarma1 · ‎06-07-2016

Hi John,

please find the show version file attached herewith,

Thank you..

johnlloyd_13 · ‎06-07-2016

hi,

can you use other SSH client such as securecrt?

i'm thinking of upgrading the IOS to 3.6.4 as a last resort.

cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin

https://software.cisco.com/download/release.html?mdfid=284455434&flowid=37772&softwareid=282046477&release=3.6.4E&relind=AVAILABLE&rellifecycle=MD&reltype=latest

bhoopendra.vishwakarma1 · ‎06-07-2016

Thank you John, i tried from my next hope switch but i was getting the same error message.

stealthey · ‎06-07-2016

!

aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable

is missing

stealthey · ‎06-07-2016

At the minimum this will work

conf t
hostname c2960
!
enable secret cisco
!
!
ip domain-name c2960.local
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
username cisco privilege 15 password cisco
aaa new-model
aaa authentication login default local

johnlloyd_13 · ‎06-07-2016

can you post the full config (sanitized) via a show run?

paul driver · ‎06-07-2016

Hello

Show ip ssh

ip ssh version 2
crypto key generate rsa general-keys modulus 2048
username cisco privilege 15 password cisco

line vty 0 15
transport input ssh
privilege level 15
login local

This should work for you depending you have the correct ios to support SSH

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

username and password is not authenticating over ssh

Username y Secret 5 password

Forgot the Cisco Prime SSH Password.

CW9164I-E - Default username/password

MAC authentication and username/password

password less authentication for Cisco switch 350 using ssh key