RE: Configuring SSH on 7200 - 12.0(15)S

From: Daniel Golding (dan@netrail.net)
Date: Thu Feb 08 2001 - 13:40:41 EST


This is really odious. The existence of an RSA key should be displayed in
the configuration. The fact that it's hidden is a real pain.

- Dan Golding

> -----Original Message-----
> From: [Put-your-name-here] [mailto:lmnguyen@UU.NET]
> Sent: Thursday, February 08, 2001 1:15 PM
> To: Sam Munzani; Murphy, Brian J SSI-ISET-31; Cisco Mail (E-mail); Cisco
> NSP List (E-mail); Ccie List (E-mail)
> Subject: Re: Configuring SSH on 7200 - 12.0(15)S
>
>
> Sam,
>
> Read the link posted. SSH has nothing to do with aaa-new model
> command. You can authenticate locally within the router
> like enter
> username sam password sam,
> line vty 0 4
> transport input ssh
> login local
>
> Here's something from the link....
> "Before configuring the SSH server, you must generate a RSA key-pair for
> the router. When you generate an RSA key-pair for the router, you
> automatically enable SSH. When you delete the RSA key-pair, you
> automatically disable the SSH server."
>
> The original guy probably didn't get it to work because he didn't specify
> login local on those vtys.
>
>
>
> At 11:26 AM 2/8/2001 -0600, Sam Munzani wrote:
> >I tried for days just like you and this is the conclusion.
> >Until you activate aaa new-model you don't even get following commands.
> >
> >(config)ip ssh ?
> >
> >Try that and you will figure it out.
> >
> >Sam
> >
> > > Sam,
> > > According to CCO it works with local security OR AAA....
> > >
> > > See -
> > >
> > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm
> > >
> > > -----Original Message-----
> > > From: Sam Munzani [mailto:sam@munzani.com]
> > > Sent: Thursday, February 08, 2001 5:55 PM
> > > To: Murphy, Brian J SSI-ISET-31; Cisco Mail (E-mail); Cisco NSP List
> > > (E-mail); Ccie List (E-mail)
> > > Subject: Re: Configuring SSH on 7200 - 12.0(15)S
> > >
> > > Where are your AAA commands? SSH only works with AAA.
> > >
> > > Sam
> > > ----- Original Message -----
> > > From: "Murphy, Brian J SSI-ISET-31" <Brian.J.Murphy@is.shell.com>
> > > To: "Cisco Mail (E-mail)" <cisco@spot.colorado.edu>; "Cisco NSP List
> > > (E-mail)" <cisco-nsp@puck.nether.net>; "Ccie List (E-mail)"
> > > <ccielab@groupstudy.com>
> > > Sent: Thursday, February 08, 2001 10:26 AM
> > > Subject: Configuring SSH on 7200 - 12.0(15)S
> > >
> > >
> > > > People,
> > > > > Wondering if you can help me, I'm trying to get SSH working, but for some
> > > > > reason it will not work....
> > > >
> > > > Router is running -
> > > >
> > > > > IOS (tm) 7200 Software (C7200-K4P-M), Version 12.0(15)S, EARLY DEPLOYMENT
> > > > > RELEASE SOFTWARE (fc1)
> > > >
> > > > > Below you can find the information from the client and router during the
> > > > > SSH conversation......
> > > >
> > > > Client end :
> > > > > ovmngr4:/local/apps/ssh/bin>./ssh -v -c 3des -l snbmu4 NLPATMP029.net-equip.shell.net
> > > > > SSH Version 1.2.27 [hppa1.1-hp-hpux10.20], protocol version 1.5.
> > > > > Standard version. Does not use RSAREF.
> > > > > ovmngr4: Reading configuration data /etc/ssh_config
> > > > > ovmngr4: ssh_connect: getuid 10578 geteuid 10578 anon 1
> > > > > ovmngr4: Connecting to NLPATMP029.net-equip.shell.net [134.146.255.195] port 22.
> > > > > ovmngr4: Connection established.
> > > > > ovmngr4: Remote protocol version 1.5, remote software version Cisco-1.25
> > > > > ovmngr4: Waiting for server public key.
> > > > > ovmngr4: Received server public key (768 bits) and host key (2048 bits).
> > > > > ovmngr4: Host 'nlpatmp029.net-equip.shell.net' is known and matches the host key.
> > > > > ovmngr4: Initializing random; seed file /local/users/snbmu4/.ssh/random_seed
> > > > ovmngr4: Encryption type: 3des
> > > > ovmngr4: Sent encrypted session key.
> > > > ovmngr4: Installing crc compensation attack detector.
> > > > ovmngr4: Received encrypted confirmation.
> > > > ovmngr4: Doing password authentication.
> > > > snbmu4@nlpatmp029.net-equip.shell.net's password:
> > > > Permission denied.
> > > >
> > > > Router end:
> > > >
> > > > Feb 8 16:21:06.637: SSH3: starting SSH control process
> > > > > Feb 8 16:21:06.641: SSH1: sent protocol version id SSH-1.5-Cisco-1.25
> > > > > Feb 8 16:21:06.641: SSH1: received protocol version id SSH-1.5-1.2.27
> > > > Feb 8 16:21:06.645: SSH1: SSH_SMSG_PUBLIC_KEY message sent
> > > > Feb 8 16:21:06.697: SSH1: SSH_CMSG_SESSION_KEY message received
> > > > Feb 8 16:21:08.289: SSH1: keys exchanged and encryption on
> > > > Feb 8 16:21:08.293: SSH1: SSH_CMSG_USER message received
> > > > Feb 8 16:21:08.293: SSH1: authentication request for userid snbmu4
> > > > Feb 8 16:21:08.293: SSH1: invalid old access type configured - 0x01
> > > > Feb 8 16:21:08.293: SSH1: SSH_SMSG_FAILURE message sent
> > > > Feb 8 16:21:10.357: SSH1: SSH_SMSG_FAILURE message sent
> > > > Feb 8 16:21:10.357: SSH1: authentication failed for snbmu4 (code=3)
> > > > Feb 8 16:21:10.461: SSH1: Send failed in ssh_close() - status 0x03
> > > > Feb 8 16:21:10.461: SSH1: Session terminated normally
> > > >
> > > > SSH config on router:
> > > >
> > > > ...cut...
> > > > username snbmu4 password <password>
> > > > ...cut...
> > > > ip ssh time-out 120
> > > > ip ssh authentication-retries 3
> > > > ...cut...
> > > > line vty 0 4
> > > > ...cut...
> > > > transport input telnet ssh
> > > > transport output telnet ssh
> > > >
>
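
An added example, not part of the original thread and not Cisco tooling: a small Python check for the two vty problems visible in the quoted configuration (SSH accepted on a vty with neither `login local` nor AAA, and telnet left enabled next to SSH). The function names and finding strings are hypothetical, the sample configs are constructed from the one quoted in the thread, and the rule that `login local` is needed when `aaa new-model` is absent is taken from the reply above rather than from Cisco documentation.

```python
import re

# Constructed sample based on the router config quoted in the thread.
SAMPLE_BROKEN = """\
username snbmu4 password <password>
line vty 0 4
 transport input telnet ssh
 transport output telnet ssh
"""

# The same config with the change suggested in the reply applied.
SAMPLE_FIXED = """\
username snbmu4 password <password>
line vty 0 4
 login local
 transport input ssh
"""

def vty_blocks(lines):
    """Yield (header, [subcommands]) for each 'line vty' section."""
    # Assumption: a section ends at the next 'line ...', '!' or 'end'.
    header, body = None, []
    for raw in lines:
        cmd = raw.strip()
        if cmd.startswith("line ") or cmd in ("!", "end"):
            if header:
                yield header, body
            header, body = (cmd if cmd.startswith("line vty") else None), []
        elif header and cmd:
            body.append(cmd)
    if header:
        yield header, body

def audit_vty(config):
    """Return (vty header, finding) pairs for the issues raised in the thread."""
    lines = [l.strip() for l in config.splitlines()]
    aaa = "aaa new-model" in lines
    has_user = any(re.match(r"username \S+", l) for l in lines)
    findings = []
    for header, body in vty_blocks(lines):
        proto = next((b.split()[2:] for b in body if b.startswith("transport input ")), [])
        if {"telnet", "all"} & set(proto):
            findings.append((header, "telnet accepted: logins are sent in cleartext"))
        if {"ssh", "all"} & set(proto) and not aaa:
            if "login local" not in body:
                findings.append((header, "ssh accepted without 'login local' or AAA"))
            elif not has_user:
                findings.append((header, "'login local' set but no username defined"))
    return findings
```

Because the RSA key pair does not appear in the configuration, this check cannot tell whether the SSH server is actually enabled; confirm that on the device itself with `show crypto key mypubkey rsa`.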


