9800-CL ssh connection refused

c.walsh
Level 3

I am having problems connecting via SSH to a 9800-CL in my lab environment.

There are NO firewalls between devices!

Configuration on WLC is as follows...

 

hostname WLC001
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization exec net local
!
ip domain name SDNDEV
!
username admin privilege 15 secret 9 $9$a6E.ZhqApsopn.$bxfqx/BG89wWhxUHhD8ywwZgu5AT1LtaOTPNRvImKbo
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
!
line con 0
stopbits 1
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh

 

Crypto key is generated...

WLC001#show crypto key mypubkey rsa
% Key pair was generated at: 14:11:57 British May 29 2020
Key name: WLC001.SDNDEV
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable. Redundancy enabled.
Key Data:
WLC001#

 

Telnet is working, which proves connectivity. Am I missing something specific to the WLC?

7 Replies

Rafael E
Cisco Employee

Can you check the output for:

sh ip ssh

Saludos,
Rafael - TAC

Hi Rafael...

     
WLC001#show ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).

 

I have created the key. Is there a manual command to enable SSH? I don't know of one.

You need the following to enable SSH on an IOS / IOS-XE device:

conf t

hostname <name>

ip domain-name <name>

! create a key
crypto key generate rsa

ip ssh version 2

Saludos,
Rafael - TAC

Hi Rafael,

    I have already added all those commands, see the initial post.

That is what I cannot understand: why is SSH disabled?

WLC001(config)#do sh ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
WLC001(config)#crypto key gen rsa mod 2048
% You already have RSA keys defined named WLC001.SDNDEV.
% They will be replaced.

% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)

WLC001(config)#do show ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
WLC001(config)#

Can you attach the show tech?

Saludos,
Rafael - TAC

Hi Rafael,

    I have resolved this issue by using the following commands...

WLC001(config)#crypto key generate rsa label SSH-KEY modulus 1024
The name for the keys will be: SSH-KEY


% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)

WLC001(config)#ip ssh rsa keypair-name SSH-KEY
WLC0011(config)#do sh ip ssh

SSH Enabled - version 2.0
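
An added example, not part of the original thread and not Cisco tooling: a Python check that compares the label in `ip ssh rsa keypair-name` with the key names reported by `show crypto key mypubkey rsa` (the two differ in the outputs posted above) and also flags vty lines that still accept telnet. The function name `audit_ssh` and the abridged sample inputs are constructed for illustration; comparing key labels as exact strings is an assumption.

```python
import re

# Constructed sample inputs, abridged from the outputs quoted in the thread.
RUNNING_CONFIG = """\
hostname WLC001
ip domain name SDNDEV
ip ssh rsa keypair-name ssh-key
ip ssh version 2
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
"""

SHOW_CRYPTO_KEY = """\
Key name: WLC001.SDNDEV
Key type: RSA KEYS
"""


def audit_ssh(running_config, show_crypto_key):
    """Return a list of findings for the SSH setup described by the two outputs."""
    findings = []
    key_names = re.findall(r"^\s*Key name:\s*(\S+)", show_crypto_key, re.M)
    bound = re.search(r"^\s*ip ssh rsa keypair-name\s+(\S+)", running_config, re.M)
    # Assumption: key labels are compared as exact strings.
    if bound and bound.group(1) not in key_names:
        findings.append(
            f"keypair-name '{bound.group(1)}' has no matching RSA key "
            f"(keys present: {', '.join(key_names) or 'none'})"
        )
    if not key_names:
        findings.append("no RSA key pair present")
    # Telnet on a vty line carries credentials in cleartext.
    current_line = None
    for raw in running_config.splitlines():
        text = raw.strip()
        if text.startswith("line "):
            current_line = text
        elif text.startswith("transport input") and current_line:
            protocols = text.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append(f"{current_line}: telnet allowed ({text})")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(RUNNING_CONFIG, SHOW_CRYPTO_KEY):
        print("FINDING:", finding)
```
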
