Any crypto IOS image (one with the SSH feature) will have this key generated automatically on the switch/router. This key is what we use for SSH login. You can also generate one using the command 'crypto key generate rsa general-keys modulus 1024'.

Generating RSA Keys
Problem: You want to create a shareable RSA key for authentication or encryption.
Solution: First, you must create the keys on both devices. We recommend using at - Selection from Cisco IOS Cookbook, 2nd Edition.

crypto key generate rsa general-keys label tokenkey1 storage usbtoken0:

The following example specifies the redundancy keyword:
Router(config)# crypto key generate rsa label MYKEYS redundancy
The name for the keys will be: MYKEYS
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys.
show crypto key mypubkey rsa: Shows information about the SSL certificate.
If you'd like to learn more about how to configure SSH on a Cisco router, I recommend you read through this documentation: Configuring Secure Shell on Routers and Switches Running Cisco IOS.

Jul 03, 2015 - Configure a Cisco Catalyst 2960-S Switch - Safe to do while in use?
I have 2 Cisco Catalyst 2960-S switches that never got configured with an IP/User/Password for management. My primary question is simply this.
(config-line)#exit
Switch(config)#ip ssh version 2
Switch(config)#crypto key generate rsa modulus 1024
Switch(config)#end
Switch#
I have two Cisco Catalyst 2960-S 48-port switches 'stacked' using the Cisco FlexStack module. Originally I had to set them up using 'Express Setup', which I absolutely hate from my limited use of it.
I configured hostnames, IP addresses, and made sure the stack was functioning properly. I tested by plugging in a laptop and making sure it could open an internet page and all was well. I configured each switch exactly the same with the exception (obviously) of the hostname and IP. I then powered them OFF and installed the stacking module and they auto-configured themselves.
Before:
Switch-A (192.168.10.3)
Switch-B (192.168.10.4)
After:
Switch-A (192.168.10.3) Master 1
Switch-B Member 2
What I need and want to do now is set up remote access. If I have to go connect up with a console cable to configure that's fine, but I'm not sure if I need to.
If I open PuTTY and use Telnet to connect it states 'password required, but none set' and the PuTTY window closes.
If I open PuTTY and use SSH to connect it prompts me 'login as:'
If I press enter (@192.168.10.3's password:) it proceeds to prompt me for a password, and when I enter the password I used to set up the switch I receive 'access denied'.
I know I didn't configure SSH or Telnet for that matter when I initially set these up. I want to fix that now.
I want SSH (v2) enabled and I want to disable Telnet.
Any suggestions?
First you have to make sure you are running a version of code that has encryption. See my previous article for instructions on how to upgrade the code. Once your code is upgraded, here are the steps to enable SSH on a Cisco 2950.
switch-2950-1.tuxlabs.com#show crypto key mypubkey rsa
Usage: General Purpose Key
30819F300D06092A864886F70D010101050003818D0030818902818100E6AA25
8DB58145F882CD0BC62F5123AB0064A6A09BD636FA854D82B1510A313A00606E
00F601F1ECF64FCC0F516E73E80E09619CCCE91B5C3D59194803B80504AC2633
9D0A32E80196F5725CE9FFF4A5C27FC4698DE75BF057380422D0CCFE58936F4E
5BE394F43BDED1ACDC1BF1C95E71ABD534F1C21ECDA47B7E72D40C346B0203010001
Key name: switch-2950-1.tuxlabs.com.tuxlabs.com.server
Key Data:
307C300D06092A864886F70D0101010500036B0030680261009F33542ECB6FB6
7A19D04D929FEB3805145D39C9DB6CAB5AC1A26214FEFFBCDE6E5FA98565BEA6
1A888A92C7D1ED2E DB8D3894 D972C9AE853DFB988261D5180F8A994C9293C49C
0E946A950F89EA0845E4DCB774F5A23CCDC5938C CD01C6C14D0203010001
Wow 1993, feels good to be a time machine 🙂
Enter configuration commands, one per line.  End with CNTL/Z.
switch-2950-1.tu(config-line)#login local
switch-2950-1.tu(config-line)#line vty 5 15
switch-2950-1.tu(config-line)#transport input ssh
switch-2950-1.tuxlabs(config)#exit
Building configuration...
switch-2950-1.tuxlabs.com#
When you’re running telnet you don’t need a username. But when you are using SSH, you do.
The authenticity of host 'switch-2950-1.tuxlabs.com (192.168.1.2)' can't be established.
RSA key fingerprint is 21:6b:44:bb:24:ff:ef:14:9d:f2:00:44:64:3d:3b:f8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'switch-2950-1.tuxlabs.com,192.168.1.2' (RSA) to the list of known hosts.
switch-2950-1.tuxlabs.com#show privilege
switch-2950-1.tuxlabs.com#exit
➜ ~
Awesome! That concludes this short tutorial.