Enabling SSH on Cisco 4507

How do you configure SSH on a Cisco 4507? I did "show ip ssh" and the log below is displayed as a result.
Router#show ip ssh
SSH Disabled - version 1.99
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
Thanks.

Hi,
Check this link..
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
aaa related commands are not mandatory. You can even use local authentication. Also, make sure the IOS supports SSH.
Do 'show version'; the IOS name contains 'k9' for crypto.
hth
MS
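
The prerequisites named in this reply (a k9 image, RSA keys) can be read from saved device output. The script below is an added example, not part of the original reply; `diagnose_ios_ssh` and `sample_show_ip_ssh` are hypothetical names, and the sample text is the output quoted in the question.

```shell
#!/bin/sh
# Added example: explain why "show ip ssh" reports SSH as disabled, using text
# saved from the device. Function names are hypothetical.

# The "show ip ssh" output quoted in the question above.
sample_show_ip_ssh() {
cat <<'EOF'
SSH Disabled - version 1.99
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
EOF
}

# $1 = IOS image file name (from "show version")
# $2 = file holding "show ip ssh" output
# Returns 0 = SSH usable, 1 = RSA keys missing, 2 = image has no crypto support.
diagnose_ios_ssh() {
    image=$1; out=$2; rc=0
    # Crypto-capable IOS images carry "k9" in the image name.
    case $image in
        *k9*) ;;
        *) echo "image '$image' is not a k9 image: SSH is unavailable"
           return 2 ;;
    esac
    # Without an RSA key pair the SSH server stays disabled.
    if grep -q 'SECSH format.*: NONE' "$out" ||
       grep -q 'Please create RSA keys' "$out"; then
        echo "no RSA key pair: set a hostname and 'ip domain-name' (typically"
        echo "required first), then run 'crypto key generate rsa' with a"
        echo "modulus of at least 768 bits for SSH v2, per the device message"
        rc=1
    fi
    # 1.99 means the server accepts both SSHv1 and SSHv2 clients.
    ver=$(sed -n 's/^SSH [A-Za-z]* - version \([0-9.]*\).*/\1/p' "$out")
    if [ "$ver" = "1.99" ]; then
        echo "version 1.99: SSHv1 still accepted; 'ip ssh version 2' restricts to v2"
    fi
    if [ "$rc" -eq 0 ] && grep -q '^SSH Enabled' "$out"; then
        echo "SSH is enabled"
    fi
    return "$rc"
}
```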

Similar Messages

  • Enabling SSH on SG300-20

    I had some issues with this, and was not able to find an answer in the help or searching the web. In order to help the next person, here are the instructions:
    I have a brand new SG 300-20 switch, and I am attempting to add ssh to the login capabilities.
    Using the web interface I have enabled SSH Service in the Security-TCP/UDP Services.
    I am not able to access ssh, port scans (nmap) also do not show port 22 open.
    The missing key is the generation of SSH crypto keys.
    1. Using the web interface, enable telnet in the Security-TCP/UDP Services section
    2. Log in via telnet
    3. Traverse tree to : System Configuration Menu - Management Settings - SSH Configuration - SSH Crypto Key Generation
    4. Choose the Execute action.
    That's it.
    ssh away !

    Hi
    I used your method to generate an RSA key.
    I gotta say, when I had a look at the algorithm used, as per the screen capture below,
    I saw AES256 with cipher block chaining.. sure looks pretty darn secure.
    The US government standards body produced the following;
    http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
    According to section 2 of that document I am pretty happy and not concerned, cipher block chaining of AES-256.
    This is very strong encryption..
    I have attached an SSH Wireshark capture of my SSH exchange between my PC and my SG300-10P.
    If you can figure out my userid, I will absolutely forward this posting to the Cisco Small Business Switch Product management team for immediate action.
    regards Dave

  • Configuring SSH on Cisco uBR7246VXR? Please help

    I have an empty startup-config file on my uBR7. I need to enable SSH so I can SSH to the uBR without being physically next to it. I am told I should enable RADIUS? Does anyone have an idea how I can do this?

    I have never used/configured that particular type of hardware but if it runs Cisco IOS then you can follow this:
    http://www.thegeekstuff.com/2013/08/enable-ssh-cisco/
    Check it out and let me know if you have any questions
    Thank you for rating helpful posts!

  • Enabling ssh with a startup config or similar?

    Hello,
    I am currently testing the new features of IOS 12.2 55 SE1 called "Smart Install".
    I got it working even though it still has many issues but that's probably because it is a very new functionality.
    Anyways, we are using it currently in a lab-environment to test the "zero-touch" replacement of defective Switches. In that case the Director of the SI Network knows what config the defective Switch has saved last.
    It then uses that exact config to deploy to the replaced switch as a startup config.
    For Security Reasons we have the command "transport input ssh" on all lines enabled. (Makes sense if you want to shut out telnet).
    Now, when the new Switch receives the IOS Update (which is also delivered in Smart Install) and therefore reboots, it now uses our startup config.
    With the above mentioned command "transport input ssh" on the lines, we have no way of connecting to the newly replaced switch.
    "Crypto keys cannot be generated on startup" is the message I see on the Serial-Console output.
    Has anyone got an idea how we could work around this?
    Is there a way to tell a switch it has to generate an RSA certificate to enable SSH without "touching" it?
    I know that with the command "transport input all" this issue would not be an issue, but that is not an option for a possible productive Release. Since we are using a config of a switch that was running productively, the running config cannot allow telnet to be used..
    I have asked Google, used this forum's search functionality and found nothing. I am absolutely sure though, that this is an issue many Cisco Users have to work with, so I was surprised not to find anything.
    Details of our lab:
    Director Switch: C3560 with IOS 12.2 55 SE1
    Client Switch (to be replaced): C2960 IOS 12.2 55 SE1
    Both have the crypto-image installed.

    Hello Richard,
    Thanks for your answer.
    Smart Install gets the config to the new switch by telnet. Since a factory-new Switch can do telnet, the initial config comes from the director. It connects to the switch over a non-standard telnet port and issues the copy command to get the startup config from the tftp server. After that it does the same with the IOS. We can't really do anything because every interaction with the new switch stops the smartinstall process.
    Your described solution (I will test it later this week) could be a working solution for deploying new switches.
    In my scenario however there currently seems to be no way to enable SSH when the startup config is the last known configuration from the switch that died, because we cannot manually edit this startup config (it would defeat the purpose of this feature), since it is backed up by the director and the logic of deciding whether or not this config is to be used runs on the director.
    I am in contact with "our guys" from cisco, and they are trying to get feedback from the developer team of this feature. I will keep testing new releases for this issue and will report any progress.

  • Enable SSH on all LAP's

    Hi there
    is it possible to enable SSH for all LAP's on a WLC console (and even on the GUI)? I only know the command "config ap ssh enable <Cisco AP>", is there a hidden command for all LAP's or a global command to enable SSH per default?
    Thanks a lot and best regards
    Dominic

    There does not seem to be a way on the CLI/GUI of the WLC to do it for ALL the APs with one click:
    http://www.cisco.com/en/US/docs/wireless/controller/6.0/command/reference/cli60.html#wp8904301
    If you have WCS, I think you can run a template to disable it on all the APs, but this does not exist on the CLI / GUI of WLC.

  • IOS for Enabling SSH on 2691 Router

    Can anyone help me in finding out the exact IOS file to enable SSH for 2691 Router having 32 MB Flash & 64 MB RAM. Currently I am having 'c2691-ipbase-mz.123-6c.bin' but it is not supporting SSH. I am not interested in Hardware Upgradation. Pls help

    The best way would be to search using the Cisco Feature Navigator: www.cisco.com/go/fn
    Regards
    Farrukh

  • Cisco 4507 with VLANs and Norton Ghost

    Hi Guys,
    I have Cisco 4507 switch with multiple VLANs. The problem is that I can put Norton Ghost in one VLAN and it reimages the client with no problem.
    But I want to reimage the clients in all VLANs in one go. Can some of the experts tell me how to do that?
    Thanks in advance.

    We have a similar setup. We also have a 4507 with Norton Ghost. In this article on Ghost (Part 1-How Ghost starts the session) (http://service1.symantec.com/SUPPORT/ghost.nsf/docid/1999033015222425), it says that the Ghost client uses broadcast initially to contact the Ghost Server. Since it uses broadcast, the broadcasts aren't going to traverse VLANs. The point of VLANs is to minimize broadcasts. So in other words, let's say a client on VLAN1 broadcasts to communicate with the Ghost server. Well, if the Ghost server is on VLAN1, then it will work of course because the server will see the broadcast. If the Ghost server is on a different VLAN, then it's not going to see the broadcast.
    How we get around this is that we have a special NIC on our Ghost Server that allows the Ghost server to access more than one VLAN at a time. In other words, the NIC enables trunking from your computer to the switch. So you enable trunking on your switch port for whichever VLANs you want the Ghost server to access. Then on the Ghost server NIC, you set up the NIC to use those same VLANs. Now, the Ghost server will be able to communicate with any computer (i.e. Ghost client) on those VLANs set on the NIC and switch port. The type of NIC that we have is an Intel PROSet. There are other NICs out there though that have this VLAN capability.

  • Enabling SSH and disabling Telnet

    I am trying to enable SSH on a 3560G switch so I can disable Telnet.
    Some have mentioned to do an "sh ssh" to see if I have ssh on the switch. It doesn't show. I also have done "transport input ssh" and ssh isn't a valid input method.
    So I decided to upgrade the IOS on the switch. I am now at 12.2(52) SE.
    But I still cannot configure SSH. I get the same results as mentioned above.
    Since this is the latest version of IOS can I not assume that it contains SSH? Or do I need to download a different version of IOS that specifically has SSH in it?
    Thanks for your help

    Yup, you need a K9/CRYPTO image, e.g:
    c3560-ipservicesk9-mz.122-52.SE.bin
    You can use the Feature Navigator to search for images with 'Secure Shell' support:
    www.cisco.com/go/fn
    It can be either .tar or .bin, it does not matter. The .tar image includes the web-gui files (along with the .bin IOS image) and does not affect the SSH capability.
    Regards
    Farrukh

  • Not able to enable SSH user equivalency for RAC on RHEL 4

    Hi All,
    I am trying to install oracle RAC 11g on RHEL4 (on VMware), I am using below document for reference.
    http://www.oracle-base.com/articles/11g/OracleDB11gR1RACInstallationOnOEL5UsingVMware.php
    Every thing went fine till "SSH user equivalency", but I am not able to SSH and SCP between servers without entering passwords.
    I have tried removing the .ssh folder & recreating the pub file twice but it did not help.
    Am I missing something?
    Please advise.
    Thanks,
    Abhay.

    Configure SSH on each node in the cluster. Log in as the "oracle" user and perform the following tasks on each node.
    su - oracle
    mkdir ~/.ssh
    chmod 700 ~/.ssh
    /usr/bin/ssh-keygen -t rsa # Accept the default settings.
    The RSA public key is written to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file.
    Log in as the "oracle" user on RAC1, generate an "authorized_keys" file on RAC1 and copy it to RAC2 using the following commands.
    su - oracle
    cd ~/.ssh
    cat id_rsa.pub >> authorized_keys
    scp authorized_keys rac2:/home/oracle/.ssh/
    Next, log in as the "oracle" user on RAC2 and perform the following commands.
    su - oracle
    cd ~/.ssh
    cat id_rsa.pub >> authorized_keys
    scp authorized_keys rac1:/home/oracle/.ssh/
    The "authorized_keys" file on both servers now contains the public keys generated on all RAC nodes.
    To enable SSH user equivalency on the cluster member nodes issue the following commands on each node.
    ssh rac1 date
    ssh rac2 date
    ssh rac1.localdomain date
    ssh rac2.localdomain date
    exec /usr/bin/ssh-agent $SHELL
    /usr/bin/ssh-add
    You should now be able to SSH and SCP between servers without entering passwords.
    Hope this helps you.
    Enjoy.
    If you are unable to resolve it, please refer to:
    http://download.oracle.com/docs/cd/B28359_01/rac.111/b28252/preparing.htm#BGBBDHIB
    http://dsstos.blogspot.com/2009/03/linux-oracle-rac-and-bonding-conundrum.html
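
When the steps in this answer still end in a password prompt, a frequent cause is file modes: sshd with StrictModes enabled ignores authorized_keys if the home directory, ~/.ssh or the file itself is writable by group or others, and the ssh client ignores a private key that others can access. The check below is an added example, not part of the original answer; `audit_ssh_perms` and `mode_of` are hypothetical names.

```shell
#!/bin/sh
# Added example: audit the modes that sshd's StrictModes check and the ssh
# client care about for key-based login. Function names are hypothetical.

# Print the octal permission bits of an existing path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds when group or others hold the write bit on the path.
group_or_other_writable() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 022 )) -ne 0 ]
}

# $1 = home directory of the account (e.g. /home/oracle).
# Prints one line per finding and returns the number of findings.
audit_ssh_perms() {
    home=$1
    problems=0
    # sshd (StrictModes yes) rejects the key file if any of these paths is
    # writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            problems=$((problems + 1))
        elif group_or_other_writable "$p"; then
            echo "TOO OPEN $p (mode $(mode_of "$p")): remove group/other write"
            problems=$((problems + 1))
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    key="$home/.ssh/id_rsa"
    if [ -e "$key" ]; then
        km=$(mode_of "$key")
        if [ $(( 0$km & 077 )) -ne 0 ]; then
            echo "TOO OPEN $key (mode $km): chmod 600"
            problems=$((problems + 1))
        fi
    fi
    if [ "$problems" -eq 0 ]; then
        echo "OK       $home"
    fi
    return "$problems"
}
```

Run `audit_ssh_perms /home/oracle` on each node as the oracle user; a non-zero return value is the count of paths to fix.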

  • Is there any way to enable SSH via Terminal in the OSX Installer utility list?

    Hi guys, I've messed up my install a little on my internal HDD.. I can't boot into OSX as I keep getting kernel panics on boot. I was just wondering if there's any way I can SSH into my Mac Pro via the Terminal on the OSX Installer Utilities list.. I have a Macbook Pro to SSH from but I need a way to enable SSH via that Terminal "-bash-3.2#"..
    I've tried to use the systemsetup -setremotelogin on command but I know SSH requires login keys and as I have no idea what can be used as those keys for the OSX Installer version of Terminal I have no idea how I can enable SSH..
    Tried some sudo commands but as I guess it runs at a completely different level to sudo it won't actually recognise the sudo command..
    Any help would be greatly appreciated guys, if you need me to post any info or results to help then just let me know.
    Thanks a lot
    Chris

    If your Mac cannot boot to the OS X installation then you will not be able to set up the SSH (Remote Login) sharing service. The OS X installer does not support any of the system's sharing services. Technically it does have the sshd daemon (server process) that you can set up to accept a connection; however, this will not give you any additional benefit.
    The only reason to SSH into the system would be to get to the Terminal command prompt anyway, which is available when you boot to the Recovery HD partition and choose Terminal from the Utilities menu. If you were to set up SSH and log in, you would still only have the functionality provided by the Terminal in the Utilities menu, and not have access to your Mac's full OS installation.

  • Enabling SSH user equivalence resets umask to 0077

    Hi,
    I'm about to install Oracle 10g RAC on Red Hat Linux AS/ES 40 update 2. While configuring Secure Shell I noticed that after I enabled SSH user equivalence, umask gets changed from 022 to 077. Guess I could change umask to 022 before installing the software but is this supposed to happen?
    Thanks,

    I noticed umask had changed to 077 when I enabled user equivalence to log into a remote server without having to enter a password.
    $ umask
    0022
    $ /usr/bin/ssh-agent $SHELL
    $ /usr/bin/ssh-add
    Enter passphrase for /home/oracle/.ssh/id_rsa:
    Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)
    Identity added: /home/oracle/.ssh/id_dsa (/home/oracle/.ssh/id_dsa)
    $ umask
    0077

  • Rescue CD/distribution that enables ssh/telnet on boot?

    Hi all,
    I am looking for a distribution/live cd that enables ssh/telnet (or something similar) on boot. The reason I need this: I am trying to get data from a broken all-in-one PC (only the monitor appears broken), and do not have access to a monitor.
    I have searched google for this, and it looks like this particular livecd may not exist, and that I may have to create my own livecd (something I have never done before...).
    I figured I'd ask here first, in case anyone knew of such a livecd.
    Thanks

    WonderWoofy wrote:
    I never said you were rude, but I am giving you a viable solution.  It is not like you are going to have to do this over and over again, you simply need access to your headless machine (hopefully just once anyway).
    I did exactly what I am proposing to you when I installed Arch on my headless server.  So I know it can be done, and it is probably one of the simplest of solutions... by that I mean you could be moving data off your drive by now.
    Insert Archiso and press power button
    ...give it some time to boot...
    # passwd <desired password>
    # systemctl start sshd
    PROFIT!
    I tried this earlier, but it did not seem to work. I'll move the PC downstairs and hook it up straight to the router instead of my current usage of powerline ethernet (seems harder to find the IP with nmap), and try the arch iso again.
    The good news is that I know it boots from the CD, from looking at the various lights and listening to the hdd/drive sounds. xD

  • Cisco 4507 Catalyst switch goes down

    Hi,
    We have a Cisco 4507 Catalyst switch to which end users are connected. Today this Catalyst switch went down. I checked that the input power was normal, but the switch is not running. All the notification lights, like the supervisor engine and fan status lights, are showing in red colour. So I switched off the SMPS, waited for some time and switched it on; the switch starts running and in 3-4 minutes it goes down again.
    Thanks and Best Regards,

    Get on the console port and watch it while it is booting up. It will usually tell you why it is failing in the logs or messages as it is booting up.

  • How to enable SSH service step by step on a small business switch?

    Hi,
    I upgraded the firmware on a small business 200 switch, but I don't know how to enable SSH.
    Could somebody explain step by step how to do that?

    Hi,
    With SSH you can't connect by web browser, you can only connect to the CLI.
    If you want more security with your web browser, enable HTTPS as shown in my first screen.
    In your SSH configuration you set up an SSH user and password; is that the method you are trying to connect with?
    The easiest way to connect is with an RSA public key, so server and client exchange the keys by themselves.
    To do so, look at my second screen. Sorry, but I have only an sf302-08 for showing purposes, so I used your screen and marked the steps.
    1. Delete the RSA and DSA keys by marking them and clicking on delete
    2. Mark "by RSA public key" as user authentication and click on apply
    3. Check the TCP/UDP services, SSH must be enabled manually (screen1)
    4. Reboot the switch
    Now try to connect to the switch by putty or another ssh capable switch.
    regards

  • Internet slow after enabling IPS on Cisco 5510

    I have recently enabled IPS on a Cisco 5510, after which we are experiencing slow internet response. We are sending all traffic to IPS for analysis.

    Based on your needs, configuration and equipment; yes, that can happen with IPS. What's your question?
