Secure Shell (SSH) FAQ

Document ID: 19143

Contents

Introduction

How do I configure SSH terminal-line access (also known as reverse-telnet)?

Is SSH supported on the Catalyst 2900?

How can I determine which platforms and versions of code support SSH?

When I try to remove certain SSH commands from my router, it continues to ask me to create RSA keys in order to enable SSH. Why is this?

Does Cisco IOS® SSH version 2 support Digital Signature Standard (DSS)?

Does the Cisco IOS SSH server support agent forwarding?

What client authentication mechanisms are supported on the Cisco IOS SSH server?

What does the error Local: Corrupted check bytes on input mean?

Does Cisco IOS support SSH with Blowfish cipher?

When I try to generate RSA keys for SSH access on a router using the crypto key generate rsa command in config mode, I receive this error: % Invalid input detected at '^' marker. It does not let the router generate the RSA keys to enable SSH access for the router. How is this error resolved?

Do Crypto images support Strong cipher to use SSH with ciphers such as 3DES or AES?

These messages are seen in the logs when trying to configure SSH on a router: SSH2 13: RSA_sign: private key not found and SSH2 13: signature creation failed, status -1. How is this resolved?

Related Information

Introduction

This document answers the most Frequently Asked Questions (FAQs) related to Secure Shell (SSH).

Q. How do I configure SSH terminal-line access (also known as reverse-telnet)?

Router(config)#line line-number [ending-line-number]
Router(config-line)#no exec
Router(config-line)#login {local | authentication listname}
Router(config-line)#rotary group
Router(config-line)#transport input {all | ssh}
Router(config-line)#exit
Router(config)#ip ssh port portnum rotary group

!--- Line 1 SSH Port Number 2001

line 1
 no exec
 login authentication default
 rotary 1
 transport input ssh

!--- Line 2 SSH Port Number 2002

line 2
 no exec
 login authentication default
 rotary 2
 transport input ssh

!--- Line 3 SSH Port Number 2003

line 3
 no exec
 login authentication default
 rotary 3
 transport input ssh

ip ssh port 2001 rotary 1 3

ip ssh port

ip ssh port portnum rotary group
no ip ssh port portnum rotary group

portnum: Specifies the port to which SSH needs to connect, such as 2001.

rotary group: Specifies the defined rotary that needs to search for a valid name.
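An audit of the configuration above, as an added example that is not part of the original Cisco document: it resolves which TCP port reaches which terminal line and flags rotary-mapped lines that are not SSH-only or have no login statement. It assumes, as the page's comments indicate, that `ip ssh port 2001 rotary 1 3` assigns consecutive ports to rotary groups 1 through 3; the function name and the sample configuration are constructed for illustration.

```python
import re
# Constructed input: the page's example with line 3 weakened for the demo.
SAMPLE = """\
line 1
 login authentication default
 rotary 1
 transport input ssh
line 2
 login authentication default
 rotary 2
 transport input ssh
line 3
 rotary 3
 transport input all
ip ssh port 2001 rotary 1 3
"""

def audit_reverse_ssh(config):
    """Map each 'ip ssh port' TCP port to its line and list weak settings."""
    lines, cur, ports, findings, mapping = {}, None, {}, [], {}
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            cur = None  # a top-level command closes the previous line block
        if m := re.fullmatch(r"line (\d+)", text):
            cur = lines.setdefault(int(m[1]), {"transport": None, "login": False})
        elif m := re.fullmatch(r"ip ssh port (\d+) rotary (\d+)(?: (\d+))?", text):
            for i, group in enumerate(range(int(m[2]), int(m[3] or m[2]) + 1)):
                ports[int(m[1]) + i] = group  # assumed: consecutive ports
        elif cur is None:
            continue
        elif m := re.fullmatch(r"rotary (\d+)", text):
            cur["rotary"] = int(m[1])
        elif text.startswith("transport input "):
            cur["transport"] = text.split()[2:]
        elif text.split()[:1] == ["login"]:
            cur["login"] = True
    by_rotary = {c["rotary"]: n for n, c in lines.items() if "rotary" in c}
    for port, group in sorted(ports.items()):
        line = by_rotary.get(group)
        if line is None:
            findings.append(f"port {port}: rotary {group} is not on any line")
            continue
        mapping[port] = line
        if lines[line]["transport"] != ["ssh"]:
            findings.append(f"line {line}: transport input is not ssh-only")
        if not lines[line]["login"]:
            findings.append(f"line {line}: no login method configured")
    return mapping, findings
```

Calling `audit_reverse_ssh(SAMPLE)` returns the port-to-line mapping together with the two findings for line 3.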

Q. Is SSH supported on the Catalyst 2900?

A. No, it is not.

Q. How can I determine which platforms and versions of code support SSH?

A. See the Feature Navigator (registered customers only) and specify the SSH feature.

Q. When I try to remove certain SSH commands from my router, it continues to ask me to create RSA keys in order to enable SSH. Why is this?

A. An example of this problem is shown here:

804#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
804(config)#no ip ssh time-out 120
Please create RSA keys to enable SSH.
804(config)#no ip ssh authen
Please create RSA keys to enable SSH.
804(config)

You are encountering Cisco bug ID CSCdv70159 (registered customers only).

Q. Does Cisco IOS® SSH version 2 support Digital Signature Standard (DSS)?

A. Cisco IOS SSH version 2 (derived from OpenSSH code) does not support DSS.

Q. Does the Cisco IOS SSH server support agent forwarding?

A. Cisco IOS SSH does not support agent forwarding. Cisco IOS SSH is derived from OpenSSH code. It interoperates with all the commercial SSH implementations.

Q. What client authentication mechanisms are supported on the Cisco IOS SSH server?

A. Cisco IOS SSH version 2 (SSHv2) supports keyboard-interactive and password-based authentication methods. In addition to these authentication methods, the SSHv2 Enhancements for RSA Keys feature (available starting with Cisco IOS Software Release 15.0(1)M) supports RSA-based public key authentication for the client and server. For additional information on the authentication mechanisms supported by the Cisco IOS SSH server, refer to Secure Shell Version 2 Support.

Q. What does the error Local: Corrupted check bytes on input mean?

A. Corrupted check bytes means that the received SSH packet failed its integrity check. This is usually because of incorrect decryption. It is also because an incorrect key was used. The incorrect key is caused by the dropping of an encrypted SSH packet: either an encrypted packet that should have been sent was dropped, or a received encrypted packet that should have been decrypted was dropped.
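The failure described above, as an added example that is not part of the original Cisco document: two endpoints share a key and a cipher state that advances with every packet, and one dropped packet leaves the receiver decrypting with the wrong state so the next packet fails its check. The SHA-256 counter keystream is a toy stand-in for the SSH cipher, CRC32 is assumed for the check bytes, and the key, class name and messages are constructed.

```python
import hashlib
import zlib

def keystream(key, offset, length):
    """Toy keystream (SHA-256 in counter mode); NOT the real SSH cipher."""
    out, block = b"", offset // 32
    while len(out) < (offset % 32) + length:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return out[offset % 32 : offset % 32 + length]

class Channel:
    """One direction of a connection; cipher state advances per packet."""
    def __init__(self, key):
        self.key, self.pos = key, 0

    def _xor(self, data):
        ks = keystream(self.key, self.pos, len(data))
        self.pos += len(data)
        return bytes(a ^ b for a, b in zip(data, ks))

    def seal(self, payload):
        # Append check bytes (CRC32, an assumption) and encrypt the lot.
        return self._xor(payload + zlib.crc32(payload).to_bytes(4, "big"))

    def unseal(self, packet):
        plain = self._xor(packet)
        payload, check = plain[:-4], plain[-4:]
        if zlib.crc32(payload).to_bytes(4, "big") != check:
            raise ValueError("Corrupted check bytes on input")
        return payload

def run(drop_index=None):
    """Send three packets, optionally dropping one; return per-packet results."""
    key = b"constructed-demo-key"
    sender, receiver = Channel(key), Channel(key)
    results = []
    for i, msg in enumerate([b"show version", b"show ip ssh", b"exit"]):
        packet = sender.seal(msg)
        if i == drop_index:
            results.append("dropped")  # receiver's cipher state never advances
            continue
        try:
            results.append(receiver.unseal(packet).decode())
        except ValueError as err:
            results.append(str(err))
    return results
```

`run()` delivers all three messages, while `run(1)` shows the packet after the dropped one failing with the error from the question.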

Q. Does Cisco IOS support SSH with Blowfish cipher?

A. Cisco IOS does not support SSH with Blowfish cipher. When an SSH client sends such an unsupported cipher, the router displays the debug messages mentioned in SSH Client Sends Unsupported (Blowfish) Cipher.

Q. When I try to generate RSA keys for SSH access on a router using the crypto key generate rsa command in config mode, I receive this error: % Invalid input detected at '^' marker. It does not let the router generate the RSA keys to enable SSH access for the router. How is this error resolved?

A. This error appears when the image used on the router does not support the crypto key generate rsa command. This command is supported only in security images. In order to resolve this error, use the security image of the appropriate series of the Cisco IOS router used.

Q. Do Crypto images support Strong cipher to use SSH with ciphers such as 3DES or AES?

A. Yes. Only Crypto images support Strong cipher. In order to use SSH with ciphers such as 3DES or AES, you must have Crypto images on your Cisco device.

Q. These messages are seen in the logs when trying to configure SSH on a router: SSH2 13: RSA_sign: private key not found and SSH2 13: signature creation failed, status -1. How is this resolved?

A. These log messages are seen due to Cisco bug IDs CSCsa83601 (registered customers only) and CSCtc41114 (registered customers only). Refer to these bugs for more information.

Related Information

SSH Support Page

Technical Support & Documentation - Cisco Systems

© 2014 - 2015 Cisco Systems, Inc. All rights reserved.
