RE: Configuring SSH on 7200 - 12.0(15)S

From: Murphy, Brian J SSI-ISET-31 (Brian.J.Murphy@is.shell.com)
Date: Thu Feb 08 2001 - 12:06:41 EST


Ah.... Got it!!!

Aaa new-model
Aaa authentication login default local

Argghhh stupid!

Thanks for making me think! And sorry to bother you lot!

Brian
Stupid Engineer.....

 -----Original Message-----
From: Murphy, Brian J SSI-ISET-31
Sent: Thursday, February 08, 2001 5:59 PM
To: 'Sam Munzani'; Cisco Mail (E-mail); Cisco NSP List (E-mail); Ccie
List (E-mail)
Subject: RE: Configuring SSH on 7200 - 12.0(15)S

Sam,
According to CCO it works with local security OR AAA....

See -
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121
t/121t1/sshv1.htm

 -----Original Message-----
From: Sam Munzani [mailto:sam@munzani.com]
Sent: Thursday, February 08, 2001 5:55 PM
To: Murphy, Brian J SSI-ISET-31; Cisco Mail (E-mail); Cisco NSP List
(E-mail); Ccie List (E-mail)
Subject: Re: Configuring SSH on 7200 - 12.0(15)S

Where is your AAA commands. SSH only works with AAA.

Sam
----- Original Message -----
From: "Murphy, Brian J SSI-ISET-31" <Brian.J.Murphy@is.shell.com>
To: "Cisco Mail (E-mail)" <cisco@spot.colorado.edu>; "Cisco NSP List
(E-mail)" <cisco-nsp@puck.nether.net>; "Ccie List (E-mail)"
<ccielab@groupstudy.com>
Sent: Thursday, February 08, 2001 10:26 AM
Subject: Configuring SSH on 7200 - 12.0(15)S

> People,
> Wondering if you can help me, im trying to get SSH working, but for some
> reason it will not work....
>
> Router is running -
>
> IOS (tm) 7200 Software (C7200-K4P-M), Version 12.0(15)S, EARLY DEPLOYMENT
> RELEASE SOFTWARE (fc1)
>
> Below you can find the information from the client and router during the
SSH
> conversation......
>
> Client end :
> ovmngr4:/local/apps/ssh/bin>./ssh -v -c 3des -l snbmu4
> NLPATMP029.net-equip.shell.net
> SSH Version 1.2.27 [hppa1.1-hp-hpux10.20], protocol version 1.5.
> Standard version. Does not use RSAREF.
> ovmngr4: Reading configuration data /etc/ssh_config
> ovmngr4: ssh_connect: getuid 10578 geteuid 10578 anon 1
> ovmngr4: Connecting to NLPATMP029.net-equip.shell.net [134.146.255.195]
port
> 22.
> ovmngr4: Connection established.
> ovmngr4: Remote protocol version 1.5, remote software version Cisco-1.25
> ovmngr4: Waiting for server public key.
> ovmngr4: Received server public key (768 bits) and host key (2048 bits).
> ovmngr4: Host 'nlpatmp029.net-equip.shell.net' is known and matches the
host
> key.
> ovmngr4: Initializing random; seed file
/local/users/snbmu4/.ssh/random_seed
> ovmngr4: Encryption type: 3des
> ovmngr4: Sent encrypted session key.
> ovmngr4: Installing crc compensation attack detector.
> ovmngr4: Received encrypted confirmation.
> ovmngr4: Doing password authentication.
> snbmu4@nlpatmp029.net-equip.shell.net's password:
> Permission denied.
>
> Router end:
>
> Feb 8 16:21:06.637: SSH3: starting SSH control process
> Feb 8 16:21:06.641: SSH1: sent protocol version id SSH-1.5-Cisco-1.25
> Feb 8 16:21:06.641: SSH1: received protocol version id SSH-1.5-1.2.27
> Feb 8 16:21:06.645: SSH1: SSH_SMSG_PUBLIC_KEY message sent
> Feb 8 16:21:06.697: SSH1: SSH_CMSG_SESSION_KEY message received
> Feb 8 16:21:08.289: SSH1: keys exchanged and encryption on
> Feb 8 16:21:08.293: SSH1: SSH_CMSG_USER message received
> Feb 8 16:21:08.293: SSH1: authentication request for userid snbmu4
> Feb 8 16:21:08.293: SSH1: invalid old access type configured - 0x01
> Feb 8 16:21:08.293: SSH1: SSH_SMSG_FAILURE message sent
> Feb 8 16:21:10.357: SSH1: SSH_SMSG_FAILURE message sent
> Feb 8 16:21:10.357: SSH1: authentication failed for snbmu4 (code=3)
> Feb 8 16:21:10.461: SSH1: Send failed in ssh_close() - status 0x03
> Feb 8 16:21:10.461: SSH1: Session terminated normally
>
> SSH config on router:
>
> ...cut...
> username snbmu4 password <password>
> ...cut...
> ip ssh time-out 120
> ip ssh authentication-retries 3
> ...cut...
> line vty 0 4
> ...cut...
> transport input telnet ssh
> transport output telnet ssh
>
> _______________________________________________________
> To unsubscribe from the CCIELAB list, send a message to
> majordomo@groupstudy.com with the body containing:
> unsubscribe ccielab



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:27 EDT