Re: Configuring SSH on 7200 - 12.0(15)S

From: [Put-your-name-here] (lmnguyen@UU.NET)
Date: Thu Feb 08 2001 - 13:15:14 EST


Sam,

Read the link posted. SSH has nothing to do with the aaa new-model
command. You can authenticate locally within the router,
like enter:

username sam password sam
line vty 0 4
transport input ssh
login local

Here's something from the link....
"Before configuring the SSH server, you must generate a RSA key-pair for
the router. When you generate an RSA key-pair for the router, you
automatically enable SSH. When you delete the RSA key-pair, you
automatically disable the SSH server."

The original guy probably didn't get it to work because he didn't specify
login local on those vtys.

At 11:26 AM 2/8/2001 -0600, Sam Munzani wrote:
>I tried for days just like you and this is the conclusion.
>Until you activate aaa new-model you don't even get the following commands.
>
>(config)ip ssh ?
>
>Try that and you will figure it out.
>
>Sam
>
> > Sam,
> > According to CCO it works with local security OR AAA....
> >
> > See -
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm
> >
> > -----Original Message-----
> > From: Sam Munzani [mailto:sam@munzani.com]
> > Sent: Thursday, February 08, 2001 5:55 PM
> > To: Murphy, Brian J SSI-ISET-31; Cisco Mail (E-mail); Cisco NSP List
> > (E-mail); Ccie List (E-mail)
> > Subject: Re: Configuring SSH on 7200 - 12.0(15)S
> >
> > Where are your AAA commands? SSH only works with AAA.
> >
> > Sam
> > ----- Original Message -----
> > From: "Murphy, Brian J SSI-ISET-31" <Brian.J.Murphy@is.shell.com>
> > To: "Cisco Mail (E-mail)" <cisco@spot.colorado.edu>; "Cisco NSP List
> > (E-mail)" <cisco-nsp@puck.nether.net>; "Ccie List (E-mail)"
> > <ccielab@groupstudy.com>
> > Sent: Thursday, February 08, 2001 10:26 AM
> > Subject: Configuring SSH on 7200 - 12.0(15)S
> >
> >
> > > People,
> > > Wondering if you can help me, I'm trying to get SSH working, but for some
> > > reason it will not work....
> > >
> > > Router is running -
> > >
> > > IOS (tm) 7200 Software (C7200-K4P-M), Version 12.0(15)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
> > >
> > > Below you can find the information from the client and router during the SSH
> > > conversation......
> > >
> > > Client end :
> > > ovmngr4:/local/apps/ssh/bin>./ssh -v -c 3des -l snbmu4 NLPATMP029.net-equip.shell.net
> > > SSH Version 1.2.27 [hppa1.1-hp-hpux10.20], protocol version 1.5.
> > > Standard version. Does not use RSAREF.
> > > ovmngr4: Reading configuration data /etc/ssh_config
> > > ovmngr4: ssh_connect: getuid 10578 geteuid 10578 anon 1
> > > ovmngr4: Connecting to NLPATMP029.net-equip.shell.net [134.146.255.195] port 22.
> > > ovmngr4: Connection established.
> > > ovmngr4: Remote protocol version 1.5, remote software version Cisco-1.25
> > > ovmngr4: Waiting for server public key.
> > > ovmngr4: Received server public key (768 bits) and host key (2048 bits).
> > > ovmngr4: Host 'nlpatmp029.net-equip.shell.net' is known and matches the host key.
> > > ovmngr4: Initializing random; seed file /local/users/snbmu4/.ssh/random_seed
> > > ovmngr4: Encryption type: 3des
> > > ovmngr4: Sent encrypted session key.
> > > ovmngr4: Installing crc compensation attack detector.
> > > ovmngr4: Received encrypted confirmation.
> > > ovmngr4: Doing password authentication.
> > > snbmu4@nlpatmp029.net-equip.shell.net's password:
> > > Permission denied.
> > >
> > > Router end:
> > >
> > > Feb 8 16:21:06.637: SSH3: starting SSH control process
> > > Feb 8 16:21:06.641: SSH1: sent protocol version id SSH-1.5-Cisco-1.25
> > > Feb 8 16:21:06.641: SSH1: received protocol version id SSH-1.5-1.2.27
> > > Feb 8 16:21:06.645: SSH1: SSH_SMSG_PUBLIC_KEY message sent
> > > Feb 8 16:21:06.697: SSH1: SSH_CMSG_SESSION_KEY message received
> > > Feb 8 16:21:08.289: SSH1: keys exchanged and encryption on
> > > Feb 8 16:21:08.293: SSH1: SSH_CMSG_USER message received
> > > Feb 8 16:21:08.293: SSH1: authentication request for userid snbmu4
> > > Feb 8 16:21:08.293: SSH1: invalid old access type configured - 0x01
> > > Feb 8 16:21:08.293: SSH1: SSH_SMSG_FAILURE message sent
> > > Feb 8 16:21:10.357: SSH1: SSH_SMSG_FAILURE message sent
> > > Feb 8 16:21:10.357: SSH1: authentication failed for snbmu4 (code=3)
> > > Feb 8 16:21:10.461: SSH1: Send failed in ssh_close() - status 0x03
> > > Feb 8 16:21:10.461: SSH1: Session terminated normally
> > >
> > > SSH config on router:
> > >
> > > ...cut...
> > > username snbmu4 password <password>
> > > ...cut...
> > > ip ssh time-out 120
> > > ip ssh authentication-retries 3
> > > ...cut...
> > > line vty 0 4
> > > ...cut...
> > > transport input telnet ssh
> > > transport output telnet ssh
> > >


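A check for the failure discussed in this thread, as an added example that is not part of any of the messages: it flags vty lines that accept SSH but have neither `login local` nor a global `aaa new-model`, and notes when telnet is still accepted on the same line. The function names, finding labels and both sample configs are constructed for illustration, and the parser assumes `show running-config` layout with sub-commands indented under `line vty`.

```python
import re

# Constructed input modelled on the config quoted in the thread (placeholder password).
BROKEN = """\
username snbmu4 password <password>
ip ssh time-out 120
line vty 0 4
 transport input telnet ssh
"""
# Constructed input following the reply: SSH only, local authentication.
FIXED = """\
username sam password sam
line vty 0 4
 transport input ssh
 login local
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for each 'line vty' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith(" ") and header:
            body.append(raw.strip())
            continue
        if header:  # a non-indented line closes the current block
            yield header, body
        header, body = (raw.strip() if raw.startswith("line vty") else None), []
    if header:
        yield header, body

def audit_vty_ssh(config):
    """Return (vty header, finding) pairs for lines that explicitly accept SSH."""
    glob = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    aaa = "aaa new-model" in glob
    has_user = any(re.match(r"username \S+ (password|secret)\b", l) for l in glob)
    findings = []
    for header, body in vty_blocks(config):
        transports = {t for cmd in body if cmd.startswith("transport input ")
                      for t in cmd.split()[2:]}
        if not transports & {"ssh", "all"}:
            continue  # this line does not explicitly accept SSH
        if not aaa and "login local" not in body:
            findings.append((header, "ssh-without-login-local"))
        if "login local" in body and not has_user:
            findings.append((header, "login-local-without-username"))
        if transports & {"telnet", "all"}:
            findings.append((header, "telnet-also-accepted"))
    return findings
```
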
