Enabling ssh with a startup config or similar?

Hello,
I am currently testing the new feature of IOS 12.2 55 SE1 called "Smart Install".
I got it working even though it still has many issues, but that's probably because it is a very new functionality.
Anyway, we are currently using it in a lab environment to test the "zero-touch" replacement of defective switches. In that case the Director of the SI network knows what config the defective switch last saved.
It then deploys that exact config to the replacement switch as its startup config.
For security reasons we have the command "transport input ssh" enabled on all lines (makes sense if you want to shut out telnet).
Now, when the new switch receives the IOS update (which is also delivered by Smart Install) and therefore reboots, it uses our startup config.
With the above-mentioned command "transport input ssh" on the lines, we have no way of connecting to the newly replaced switch.
"Crypto keys cannot be generated on startup" is the message I see on the serial console output.
Has anyone got an idea how we could work around this?
Is there a way to tell a switch that it has to generate an RSA certificate to enable SSH without "touching" it?
I know that with the command "transport input all" this would not be an issue, but that is not an option for a possible production release. Since we are using the config of a switch that was running in production, the running config cannot allow telnet to be used.
I have asked Google and used this forum's search function and found nothing. I am absolutely sure, though, that this is an issue many Cisco users have to deal with, so I was surprised not to find anything.
Details of our lab:
Director Switch: C3560 with IOS 12.2 55 SE1
Client Switch (to be replaced): C2960 IOS 12.2 55 SE1
Both have the crypto-image installed.

Hello Richard,
Thanks for your answer.
Smart Install gets the config to the new switch by telnet. Since a factory-new switch can do telnet, the initial config comes from the director. It connects to the switch over a non-standard telnet port and issues the copy command to get the startup config from the TFTP server. After that it does the same with the IOS. We can't really do anything, because every interaction with the new switch stops the Smart Install process.
Your described solution (I will test it later this week) could be a working solution for deploying new switches.
In my scenario, however, there currently seems to be no way to enable SSH when the startup config is the last known configuration from the switch that died, because we cannot manually edit this startup config (it would defeat the purpose of this feature), since it is backed up by the director and the logic deciding whether or not this config is to be used runs on the director.
I am in contact with "our guys" from Cisco, and they are trying to get feedback from the developer team for this feature. I will keep testing new releases for this issue and will report any progress.
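The lockout described in this thread comes from two things living in different places: the "transport input ssh" restriction is text in the startup-config, while the RSA keypair the SSH server needs is not (it is generated on the box and never written into the config text), so a config restored onto a replacement switch arrives SSH-only with no keys to serve SSH. The checker below is an added example, not code from the thread or from Cisco: it parses a constructed sample startup-config (placeholder hostname and domain) and reports VTY blocks that are SSH-only, the prerequisites that key generation would need, and VTY blocks that still accept cleartext telnet.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of a restored IOS startup-config (not from the original post);
# the hostname and domain name are placeholders.
SAMPLE_STARTUP_CONFIG = """\
!
hostname SW-REPLACED-01
!
ip domain-name lab.example
!
line con 0
 logging synchronous
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""


@dataclass
class LineBlock:
    """One `line ...` section of an IOS config and its `transport input` keywords."""
    name: str
    transport_input: list = field(default_factory=list)


def parse_line_blocks(config_text):
    """Collect every `line ...` block; its sub-commands are the indented lines that follow."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        if raw.startswith("line "):
            current = LineBlock(raw.strip())
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            m = re.match(r"\s+transport input\s+(.+?)\s*$", raw)
            if m:
                current.transport_input = m.group(1).split()
        else:
            current = None  # any non-indented line ("!", "end", a global command) ends the block
    return blocks


def check_ssh_reachability(config_text):
    """Return (code, message) findings on why a switch booted from this config may be unreachable or weak."""
    findings = []
    vty = [b for b in parse_line_blocks(config_text) if b.name.startswith("line vty")]
    ssh_only = [b for b in vty if b.transport_input == ["ssh"]]
    telnet_open = [b for b in vty if set(b.transport_input) & {"telnet", "all"}]
    has_hostname = re.search(r"^hostname\s+\S+", config_text, re.M) is not None
    has_domain = re.search(r"^ip domain[- ]name\s+\S+", config_text, re.M) is not None

    for b in telnet_open:
        findings.append(("TELNET_ALLOWED", f"{b.name}: cleartext telnet accepted"))
    if ssh_only:
        # The RSA keypair never appears in the config text, so restoring a config onto a
        # replacement switch leaves these lines SSH-only with no keys: remote lockout.
        findings.append(("SSH_ONLY_NEEDS_KEYS",
                         f"{len(ssh_only)} VTY block(s) are SSH-only but RSA keys are not part of the config"))
        if not has_hostname:
            findings.append(("NO_HOSTNAME", "crypto key generate rsa needs a hostname"))
        if not has_domain:
            findings.append(("NO_DOMAIN_NAME", "crypto key generate rsa needs ip domain-name"))
    return findings


def finding_codes(config_text):
    """Just the codes, convenient for tests and for gating a deployment."""
    return [code for code, _ in check_ssh_reachability(config_text)]


if __name__ == "__main__":
    for code, msg in check_ssh_reachability(SAMPLE_STARTUP_CONFIG):
        print(f"{code}: {msg}")
```

Run against a backed-up config before it is pushed to a replacement switch: SSH_ONLY_NEEDS_KEYS is exactly the state that leaves the director's restored config unreachable over the network, and TELNET_ALLOWED marks the configs that would be reachable but only because cleartext management is still open.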

Similar Messages

  • How to enable the SSH server on startup, IOS 15.1, Cisco 881

    With IOS 12.4 it works with
    ip ssh rsa keypair-name myRSAKey
    ip scp server enable
    but with IOS 15.1 it does not work. I want to send a new config to the router via SSH, and SSH should be on after the reboot.
    Please help me. Thanks a lot.

    Sebastian
    In a previous post you said: "Now we have found the error. The NVRAM has a defect. The NVRAM does not save the RSA keys."
    If this is because of a defect in NVRAM then this is a hardware issue, and the appropriate solution is to ask Cisco to RMA the device.
    It may be possible that this failure to save the RSA keys could be a software problem. But if you have gone back to a 12.4 version that is used without problem on a similar Cisco device, then I would guess that it is a hardware error and that the solution is to replace the device.
    HTH
    Rick

  • Won't load startup config

    I've got a strange problem where the router won't boot with the startup config. When I type 'sho start' I see my config displayed but when I type 'sho run' it shows the generic config with none of the changes I made. Also, every time I power cycle the router it comes up with the following:
    Would you like to enter the initial configuration dialog? [yes/no]:
    When I type 'copy start run' and then 'sho run' I see my configuration changes in the running config. However, when I power cycle the router it comes back up with the initial configuration dialog and none of my configuration changes are in the running config?
    I tried going through the initial configuration dialog, choosing the basic setup and assigning just a hostname and ip address to e0/0 but when I power cycle the router it still comes back up with the initial configuration dialog and doesn't have any of my changes in the running config.
    What the heck is going on here?

    Hi,
    Issue the show version command and check the last line where it says config register.
    If it is not set to config-register 0x2102 then your router will not load the startup-configuration file.
    To resolve this, go to configuration mode and change the value to config-register 0x2102,
    then copy startup-config to running-config and
    then write memory (or copy running-config to startup-config) and reload the router.
    Your router should now load the startup-configuration.
    Hope This Helps
    Regards
    Shaheen
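Shaheen's answer hinges on one bit of the configuration register. The decoder below is an added example, not part of the thread: it reads the register from a constructed "show version" tail and reports whether the ignore-NVRAM bit (0x0040) is set, which is what makes a router skip its startup-config and offer the setup dialog, and computes the value that puts it back to the normal 0x2102.

```python
import re

# Constructed sample of the last line of `show version` (not from the post).
SAMPLE_SHOW_VERSION_TAIL = "Configuration register is 0x2142"

# Cisco IOS configuration register bits relevant to this symptom.
IGNORE_NVRAM = 0x0040     # bit 6: boot without reading startup-config from NVRAM
BREAK_DISABLED = 0x0100   # bit 8: ignore the console Break key during boot
BOOT_FIELD_MASK = 0x000F  # bits 0-3: where the router looks for its IOS image
NORMAL_REGISTER = 0x2102  # the value Shaheen's answer sets


def parse_config_register(show_version_text):
    """Pull the hexadecimal configuration register out of `show version` output."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]{1,4})", show_version_text)
    if m is None:
        raise ValueError("no 'Configuration register is' line found")
    return int(m.group(1), 16)


def describe_register(value):
    """Decode the fields that decide whether the startup-config is used at boot."""
    boot = value & BOOT_FIELD_MASK
    if boot == 0x0:
        boot_desc = "stay in ROM monitor (rommon)"
    elif boot == 0x1:
        boot_desc = "boot the first image found, skipping boot system commands"
    else:
        boot_desc = "normal boot: boot system commands, then the first image in flash"
    ignores_nvram = bool(value & IGNORE_NVRAM)
    return {
        "value": value,
        "boot_field": boot_desc,
        "ignores_startup_config": ignores_nvram,
        "break_disabled": bool(value & BREAK_DISABLED),
        # startup-config is applied only when the router boots IOS and reads NVRAM
        "loads_startup_config": (not ignores_nvram) and boot != 0x0,
    }


def clear_ignore_nvram(value):
    """The minimal change: drop bit 6 so NVRAM is read again (0x2142 -> 0x2102)."""
    return value & ~IGNORE_NVRAM


if __name__ == "__main__":
    reg = parse_config_register(SAMPLE_SHOW_VERSION_TAIL)
    info = describe_register(reg)
    print(f"register 0x{reg:04x}: loads startup-config = {info['loads_startup_config']}")
    print(f"set config-register 0x{clear_ignore_nvram(reg):04x} and reload")
```

A register of 0x2142 is the password-recovery setting: the router boots IOS normally but ignores NVRAM, so "sho start" still shows the saved config while "sho run" shows the generic one, which matches the symptom in the question.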

  • [SOLVED] Problem with adding a SSH connection to startup

    Hi guys. I have a problem with adding an SSH connection to startup. I want this command to run before the KDE login screen and keep running all the time.
    ssh -D 9292 remoteuser@remotehost
    but it doesn't connect. Thanks for the help!
    Last edited by alperenel (2011-03-11 00:10:27)

    cactus wrote:
    ssh -fN -D 9292 remoteuser@remotehost
    you need -f, which sends ssh to the background, and -N which does not execute a remote command.
    If you need it to run as a user other than root, then you probably need to utilize su as well.
    It didn't work either. I am putting it in rc.local but it doesn't work.

  • Authentication failed on device 3 times. Failed to detect SSH version running on the device. PRIMARY-STARTUP config Fetch Operation failed for TFTP

    I have devices loaded but new devices keep getting this error "Authentication failed on device 3 times. Failed to detect SSH version running on the device. PRIMARY-STARTUP config Fetch Operation failed for TFTP" when trying to get configurations. I am using LMS 3.0.1
    I tried to telnet to the devices via PuTTY on port 22, no good. Please help?
    Name                              Version  License Status  Size
    CiscoWorks Common Services        3.1.1    Licensed        Not applicable
    Campus Manager                    5.0.3    Purchased       1500
    CiscoView                         6.1.7    Licensed        Not applicable
    CiscoWorks Assistant              1.0.1    Licensed        Not applicable
    Device Fault Manager              3.0.3    Purchased       1500
    Internetwork Performance Monitor  4.0.1    Purchased       1500
    Integration Utility               1.7.1    Licensed        Not applicable
    LMS Portal                        1.0.1    Licensed        Not applicable
    Resource Manager Essentials       4.1.1    Purchased       1500

    Device Name:                  R2020012_01
    SysObjectID:                  .1.3.6.1.4.1.9.1.576
    Model:                        Cisco 2811 Integrated Services Router
    Device Status:                Normal
    Inventory Status:             Success
    Inventory Last Updated Time:  Jan 13 2011 10:43:49 EST
    Config Status:                Failed
    Config Last Updated Time:     Jan 13 2011 10:37:24 EST

  • Rescue CD/distribution that enables ssh/telnet on boot?

    Hi all,
    I am looking for a distribution/live cd that enables ssh/telnet (or something similar) on boot. The reason I need this: I am trying to get data from a broken all-in-one PC (only the monitor appears broken), and do not have access to a monitor.
    I have searched google for this, and it looks like this particular livecd may not exist, and that I may have to create my own livecd (something I have never done before...).
    I figured I'd ask here first, in case anyone knew of such a livecd.
    Thanks

    WonderWoofy wrote:
    I never said you were rude, but I am giving you a viable solution.  It is not like you are going to have to do this over and over again, you simply need access to your headless machine (hopefully just once anyway).
    I did exactly what I am proposing to you when I installed Arch on my headless server.  So I know it can be done, and it is probably one of the simplest of solutions... by that I mean you could be moving data off your drive by now.
    Insert Archiso and press power button
    ...give it some time to boot...
    # passwd <desired password>
    # systemctl start sshd
    PROFIT!
    I tried this earlier, but it did not seem to work. I'll move the PC downstairs and hook it up straight to the router instead of my current usage of powerline ethernet (seems harder to find the IP with nmap), and try the arch iso again.
    The good news is that I know it boots from the CD, from looking at the various lights and listening to the hdd/drive sounds. xD

  • The system has unsaved changes - WLC Startup-config

    Hi guys,
    Is there a command to see the startup-config?
    Or a command to see "what exactly" I am going to save when receiving the message below:
    The system has unsaved changes.
    Would you like to save them now? (y/N)
    I tried show run-config vs uploaded configuration file, but the format is different so I cannot compare...

    Hi
    With AireOS (5508, 2504, etc.) you do not have this freedom.
    If it is IOS you can do this using a single command, "show archive config differences nvram:startup-config system:running-config", so with 5760/3850 you can do this.
    http://mrncciew.com/2012/11/08/show-archive-config-differences-is-your-friend/
    With AireOS 5508/2504, if you need to know what commands your configuration change will add to your config, you can use a workaround (it is not clean, but you can still see what lines are being added to the WLC config):
    Do "debug aaa tacacs enable" on your WLC CLI and then make a change using the WLC GUI; you will see on your CLI what commands it adds to your config.
    So you have to make your changes one by one to learn all the CLI config additions to your configuration.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • SRW208G download startup config

    I am trying to download the config data for my switch via the Telnet or SSH interface, but cannot make it work. I have confirmed my TFTP server works OK. The switch is running v1.04 firmware. If I leave the Filename field blank I get an "Unknown Error" response. If I try to enter a filename, it doesn't matter what I enter, I always get "File not found" back, as if the system is trying to upload rather than download?!
    Source File is set to "startup-config" and destination "tftp".
    Why won't this work? Is there some undocumented trick to getting this to work? I need to access via Telnet/SSH in order to automate the config backup.
    After a struggle I managed to download the file via the HTTP interface, but only after accessing the URL directly instead of via the frames. There seems to be some serious issues with the Web interface in that it won't work at all with Mozilla and barely works with IE v7.

    I've finally got it to work. You have to set a password for the user you're logged into the switch as, i.e. "admin". If you leave the password blank as per factory defaults you cannot download the configuration data via Telnet or SSH. This seems somewhat bizarre, as you can download the config via the Web interface without setting a password.

  • FTP client and startup-config backup on SCE

    Hi,
    Does anybody know why I'm not able to upload the startup-config from an SCE device to an FTP server?
    I use command:
    copy startup-config ftp://anonymous:[email protected]/startup-config.txt
    but everytime I see error message:
    Error - Failed to open destination file.
    What's wrong with it? Another client on my PC is able to connect to this FTP server.

  • Enabling SSH on SG300-20

    I had some issues with this, and was not able to find an answer in the help or searching the web. In order to help the next person, here are the instructions:
    I have a brand new SG 300-20 switch, and I am attempting to add ssh to the login capabilities.
    Using the web interface I have enabled SSH Service in the Security-TCP/UDP Services.
    I am not able to access ssh, port scans (nmap) also do not show port 22 open.
    The missing key is the generation of SSH crypto keys.
    1. Using the web interface, enable telnet in the Security - TCP/UDP Services section
    2. Log in via telnet
    3. Traverse tree to : System Configuration Menu - Management Settings - SSH Configuration - SSH Crypto Key Generation
    4. Choose the Execute action.
    That's it.
    ssh away !

    Hi
    I used your method to generate an RSA key.
    I gotta say, when I had a look at the algorithm used, as per the screen capture below,
    I saw AES256 with cipher block chaining.. sure looks pretty darn secure.
    The US government standards body produced the following:
    http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
    According to section 2 of that document I am pretty happy and not concerned about cipher block chaining with AES-256.
    This is very strong encryption..
    I have attached an SSH Wireshark capture of my SSH exchange between my PC and my SG300-10P.
    If you can figure out my userid, I will absolutely forward this posting to the Cisco Small Business Switch product management team for immediate action.
    regards Dave

  • Hi, I am Suhail Khan from India and I am a user of an iMac 10,1. These days I am facing a sound issue with my iMac: I am not able to hear sound on my iMac. So kindly suggest how to enable sound on my iMac. Please do the needful.

    Take each of the following steps that you haven't already tried.
    1. If you've recently plugged anything into the audio-out (headphone) port, plug and unplug it a couple of times.
    2. From the menu bar, select
     ▹ System Preferences ▹ Sound ▹ Output
    Check the settings. The internal speakers should be selected as the output device, the Mute box should not be checked, and the volume slider should be at least halfway to the right.
    3. Look inside the headphone port. If a red light is coming from the port, the internal switch is stuck in the position for digital output. You may be able to free it by inserting and removing a headphone mini-stereo jack of the proper size. Inserting any kind of tool in the port may cause damage that won't be covered by your warranty.
    4. Boot in safe mode by holding down the shift key at the startup chime. It will take much longer than usual. You don't have to log in; just reboot as usual (without holding any keys) when the login screen appears. (Note: If FileVault is enabled under OS X 10.7 or later, or if a firmware password is set, or if the boot volume is a software RAID, you can’t boot in safe mode.)
    5. Reset the NVRAM.
    6. Reset the SMC.
    7. Reinstall OS X after backing up all data as a precaution. You won't need your backup unless something goes wrong.
    8. Make a "Genius" appointment at an Apple Store.
    Back up all data on the internal drive(s) before you hand over your computer to anyone. If privacy is a concern, erase the data partition(s) with the option to write zeros* (do this only if you have at least two complete, independent backups, and you know how to restore to bare metal from any of them.) Don’t erase the recovery partition, if present.
    *An SSD doesn't need to be zeroed.

  • Copying startup-config file

    Hi,
    I have one armed mode CSS11503. I can't sync. both Load balancers.
    Is it possible to copy the master's startup-config file via FTP and modify it, then paste it into the slave one?

    You can copy the config from one CSS to an FTP server.
    First create an FTP record in config.
    Then use the command 'copy startup-config ftp '
    Edit the file and adjust circuit ip addresses and app settings.
    Then copy it into the standby CSS with the command
    copy ftp startup-config
    Gilles.

  • Startup config error after upgrading to ASA from PIX

    Hey guys.  I get the following startup-config errors when reloading our ASA.  A pix->asa conversion was just done on it.  The ASA is currently running 8.2(5), and I am trying to get ready to update it to the most stable release, and wanted to make sure all my ducks are in a row.  What is going on with the "will be identity translated for outbound"? This is part of the VPN configuration, and I understand nat0 is saying to not nat it.  Is this something that I should be worried about?  The ASA is not in production currently.
    Let me know if you need further information
    Thanks,
    .........nat 0 10.37.0.116 will be identity translated for outbound
    *** Output from config line 406, "nat (inside) 0 10.37.0.1..."
    nat 0 xx.xx.xx.xx (PUBLIC IP) will be identity translated for outbound
    *** Output from config line 431, "nat (inside) 0 xx.xx.xx..."
    Line 406
    nat (inside) 0 10.37.0.116 255.255.255.255
    Line 431
    nat (inside) 0 xx.xx.xx.xx (PUBLIC IP) 255.255.255.255
    Corresponding global
    nat (outside) 0 access-list outside_inbound_nat0_acl outside
    nat (inside) 0 access-list inside_outbound_nat0_acl
    ACL
    access-list outside_inbound_nat0_acl extended permit ip 172.16.16.0 255.255.255.0 any
    access-list inside_outbound_nat0_acl extended permit ip any 172.16.16.0 255.255.255.0
    access-list inside_outbound_nat0_acl extended permit ip 10.37.0.0 255.255.0.0 172.16.16.0 255.255.255.0
    access-list inside_outbound_nat0_acl extended permit ip 172.31.0.0 255.255.0.0 172.16.16.0 255.255.255.0

    Hi,
    I would imagine that there is no problem as the firewall has not given any kind of error message.
    I do personally wonder sometimes why it is (at least in the 8.2 software etc.) that the firewall shows a message on the CLI when you are for example configuring a "global" / "nat" command pair.
    I wonder if this falls into the same category.
    The configuration format for NAT has stayed pretty much the same up to the 8.2 software. I'm not totally sure what software you are going to go for, but you seem to have the latest 8.2 series software, so the next steps are already 8.3 / 8.4 / 9.0 / 9.1.
    ALL of the above-mentioned software versions introduce a completely new NAT configuration format to the ASA. While the ASA automatically converts the configurations, it's not always a 100% process, not to mention that the NAT configuration is probably far from optimal.
    - Jouni

  • Adobe reader  XI "Enable Protected Mode at startup" dragon naturally speaking

    Adobe Reader XI "Enable Protected Mode at startup" doesn't work with Dragon NaturallySpeaking; how do I download the older version?

    Just disable Protected Mode (Edit | Preferences | Security (Enhanced)).
    If you do need a previous version: http://get.adobe.com/reader/enterprise/

  • %Error opening nvram:/startup-config (Permission denied)

    I'm getting an odd error, permission denied trying to issue "show config" at user level.  We use this throughout the environment with no issues.
    IOS: System image file is "flash0:c2900-universalk9-mz.SPA.152-3.T.bin"
    R1#sh run | i aaa
    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ if-authenticated
    aaa authorization commands 1 default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa accounting commands 15 default stop-only group tacacs+
    aaa session-id common
    R1#sh run | i priv
    privilege exec level 1 traceroute
    privilege exec level 1 ping
    privilege exec level 1 show logging
    privilege exec level 1 show configuration
    privilege exec level 1 show privilege
    privilege exec level 1 show
    R1#disable
    R1>show config
    Using 11855 out of 262136 bytes
    %Error opening nvram:/startup-config (Permission denied)

    You are indeed allowed to run the command (as evidenced by the fact that the command did run).
    show config is effectively an alias for the command more nvram:startup-config
    As a result, the issue is the permission on the file, not the command itself.
    Unfortunately, the file systems do not explicitly support permissions.  This used to be implicitly supported through permissions on show config.
    Perhaps this is a bug. I'd open a case on this if you really need this feature.
