cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9395
Views
38
Helpful
8
Replies

Not able to SSH C9800-L, getting permission denied

BhushanRam99337
Level 1
Level 1

I am trying to SSH C9800-L but it shows permission denied. The same credentials work for Web GUI login. 

 

WLC#show ip int br
Interface IP-Address OK? Method Status Protocol
Tw0/0/0 unassigned YES unset up up
Tw0/0/1 unassigned YES unset down down
Tw0/0/2 unassigned YES unset down down
Tw0/0/3 unassigned YES unset down down
Te0/1/0 unassigned YES unset down down
Te0/1/1 unassigned YES unset down down
GigabitEthernet0 192.168.100.10 YES TFTP up up
Vlan1 10.10.10.11 YES NVRAM up up
WLC#

 

admin@192.168.100.10's password:

Permission denied, please try again later

 

I have enabled SSH using below commands :

WLC#config t

Enter configuration commands, one per line.  End with CNTL/Z.

WLC(config)#ip ssh version 2

WLC(config)#ip ssh time-out 90

WLC(config)#ip ssh authentication-retries 2

WLC(config)#line vty 1 10

WLC(config-line)#transport input ssh

 

Would really appreciate any help!

 

Thanks

1 Accepted Solution

Accepted Solutions

craig.beck
Level 1
Level 1

Try adding:

 

aaa authentication login default local
aaa authorization exec default local

View solution in original post

8 Replies 8

Pls post "show ip ssh" output.

 

I assume you have the below command and generate required key for SSH

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/secure-shell.html 

crypto key generate rsa

HTH

Rasika

*** Pls rate all useful responses ***

hello Rasika,

Thanks for your response. Yes I have generated key using 'Crypto key generate rsa' command.

WLC#show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
Hostkey Algorithms:x509v3-ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Encryption Algorithms:aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
KEX Algorithms:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
Authentication timeout: 90 secs; Authentication retries: 5
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-2860499199
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWCzY7X6J2NkLc/1lW66CKpJHxMn5EclND8NKswiiN
peV5DYkwrefeUr34Z3LG50FDkXh1TwxW2GeLaKcTerCgOd8hMIds02mzFb6c+gDUYgC7I4IZXmq4zs01
PAGkwPV+bkGAaerazNLlfvh0f18lQeWSOk3qXz1O7P/zVx9lilOUf3WRxG3FBTkBbz+bfIjok49HnooH
yViedkl9AHcVL+JWsHjMccihRjAkaiEqi9A1/nZ2+7UdIIYR3CZmj85CSpnKz2/ppbQyvtI5rrD6CYjz
+96v+7rTlDFLmMwD42Q74TUEIfF6clxR/bphhqe38a0WZYJSUTf4cW2tgZzT
WLC#
WLC#show ssh
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes256-ctr hmac-sha2-256 Keys exchanged admin
0 2.0 OUT aes256-ctr hmac-sha2-256 Keys exchanged admin

BhushanRam99337
Level 1
Level 1


WLC#show ssh
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes256-ctr hmac-sha2-256 Keys exchanged admin
0 2.0 OUT aes256-ctr hmac-sha2-256 Keys exchanged admin

what version of the software is it on your 9800 ? 

Do you use priviledge15 local user for SSH?

For testing create a privilege 15 user like below and give it a try

username <username> privilege 15 secret <password>

 

HTH

Rasika

craig.beck
Level 1
Level 1

Try adding:

 

aaa authentication login default local
aaa authorization exec default local

Thanks Craig. This resolved the issue.

Before you run those two commands, you may need to run "aaa new-model" if you have not already done so. 

Just needed this too after setting up a fresh 9800-CL with 17.9.1. Did the initial setup wizard. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: