04-07-2021 01:55 PM - edited 07-05-2021 01:07 PM
I am trying to SSH C9800-L but it shows permission denied. The same credentials work for Web GUI login.
WLC#show ip int br
Interface IP-Address OK? Method Status Protocol
Tw0/0/0 unassigned YES unset up up
Tw0/0/1 unassigned YES unset down down
Tw0/0/2 unassigned YES unset down down
Tw0/0/3 unassigned YES unset down down
Te0/1/0 unassigned YES unset down down
Te0/1/1 unassigned YES unset down down
GigabitEthernet0 192.168.100.10 YES TFTP up up
Vlan1 10.10.10.11 YES NVRAM up up
WLC#
admin@192.168.100.10's password:
Permission denied, please try again later
I have enabled SSH using below commands :
WLC#config t
Enter configuration commands, one per line. End with CNTL/Z.
WLC(config)#ip ssh version 2
WLC(config)#ip ssh time-out 90
WLC(config)#ip ssh authentication-retries 2
WLC(config)#line vty 1 10
WLC(config-line)#transport input ssh
Would really appreciate any help!
Thanks
Solved! Go to Solution.
04-07-2021 05:18 PM
Try adding:
aaa authentication login default local aaa authorization exec default local
04-07-2021 02:44 PM
Pls post "show ip ssh" output.
I assume you have the below command and generate required key for SSH
crypto key generate rsa
HTH
Rasika
*** Pls rate all useful responses ***
04-07-2021 03:05 PM
hello Rasika,
Thanks for your response. Yes I have generated key using 'Crypto key generate rsa' command.
WLC#show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
Hostkey Algorithms:x509v3-ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Encryption Algorithms:aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
KEX Algorithms:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
Authentication timeout: 90 secs; Authentication retries: 5
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-2860499199
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWCzY7X6J2NkLc/1lW66CKpJHxMn5EclND8NKswiiN
peV5DYkwrefeUr34Z3LG50FDkXh1TwxW2GeLaKcTerCgOd8hMIds02mzFb6c+gDUYgC7I4IZXmq4zs01
PAGkwPV+bkGAaerazNLlfvh0f18lQeWSOk3qXz1O7P/zVx9lilOUf3WRxG3FBTkBbz+bfIjok49HnooH
yViedkl9AHcVL+JWsHjMccihRjAkaiEqi9A1/nZ2+7UdIIYR3CZmj85CSpnKz2/ppbQyvtI5rrD6CYjz
+96v+7rTlDFLmMwD42Q74TUEIfF6clxR/bphhqe38a0WZYJSUTf4cW2tgZzT
WLC#
WLC#show ssh
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes256-ctr hmac-sha2-256 Keys exchanged admin
0 2.0 OUT aes256-ctr hmac-sha2-256 Keys exchanged admin
04-07-2021 03:04 PM - edited 04-07-2021 03:07 PM
WLC#show ssh
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes256-ctr hmac-sha2-256 Keys exchanged admin
0 2.0 OUT aes256-ctr hmac-sha2-256 Keys exchanged admin
04-07-2021 04:03 PM
what version of the software is it on your 9800 ?
Do you use priviledge15 local user for SSH?
For testing create a privilege 15 user like below and give it a try
username <username> privilege 15 secret <password>
HTH
Rasika
04-07-2021 05:18 PM
Try adding:
aaa authentication login default local aaa authorization exec default local
04-20-2021 01:23 PM
Thanks Craig. This resolved the issue.
10-11-2021 06:47 AM
Before you run those two commands, you may need to run "aaa new-model" if you have not already done so.
08-04-2022 12:47 PM
Just needed this too after setting up a fresh 9800-CL with 17.9.1. Did the initial setup wizard.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: