1. Home
  2. Cisco Systems
  3. Enabling ssh server on cat 4500

Enabling ssh server on cat 4500

Hi,

we've a cat 4500 supervisor ii+. I want to enable the SSH server for secure login to the switch. But i am confused about the installed image has support for this feature or not:

The image name on software advisor is: cat4000-i9k91s-mz.12.2-25.EWA4 The installed image name ist: (cat4000-I9K91S-M), Version 12.2(25)EWA4, RELEASE SOFTWARE (fc1)

Is this the same?

There is no documentation about how to enable the ssh server on the cat

4500 command reference, even the crypto command (which _is_ present on our switch) is not there, why? Is there another documentation for the crypto enabled image?

Regards, Markus

Reply to
Markus Marquardt
Loading thread data ...

That filename corresponds to the " BASIC L3 3DES (RIP,ST.ROUTERS,IPX,AT)" feature set which does include support for running a SSH v1 and v2 server.

Make sure you have a hostname and domain name. Then generate a RSA key. Make sure you aren't limiting the transport input on your VTYs to only telnet. That should do it.

hostname ip domain-name crypto key generate rsa general-keys modulus 1024 line vty 0 15 transport input telnet ssh end

That should do it. You can tweak it even more with the various "ip ssh" config options.

formatting link
Give that a try. You code should support it just fine.

J
Reply to
routerstud

formatting link

A username (and login local?) is I think necessary too.

conf t

username fred password bloggs line vty 0 4 login local transport input telnet ssh

Reply to
anybody43

I don't mean to hijack... but if anyone is interested in doing this on CatOS (I see you're using IOS), then instructions are here:

formatting link
It took me a while to locate them on Cisco's site, so I thought I'd share them in case anyone stumbled on this thread looking for CatOS info.

Chris

Reply to
Chris

formatting link
>

Good call. I forgot that. I can't recall if "login local" is available before enabling AAA (aaa new-model). It might simply be "login". I don't have any non-AAA-enabled gear to look at unfortunately.

J
Reply to
routerstud

That did the job for me, thank you.

Regards, Markus

Reply to
Markus Marquardt

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.