ExtremeSwitching (EXOS)

Expand all | Collapse all

Proper steps to Enable SSH on 21.1.3.7 or higher XOS

  • 1.  Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 10:12
    was trying to enable SSH on XOS device having 21.1.3.7 image
    did the following steps

    ena ssh <-- OK

    generated a private key.. <-- OK

    i want to have a SSH session via putty or teraterm <-- connection refused
    i want to enable https <-- will not allow

    what are the proper steps to generate the required keys and certificate and import them so that this freakin SSL/SSH related thing will start to work

    can someone please guide to correct steps, like importing PEM or copy from PEM file and pasting it in the console, how can i get a SSL certificate,
    is SSHD2 required also for putty SSH connection ?



  • 2.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS



  • 3.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 10:55
    i have already used this step, but i don't know about that content/key which is to be copied from some certificate sitting somewhere in the switch which i couldn't locate... where is that certificate with PEM extension?
    i can't find that key which will eventually be used to create the ssl cert.



  • 4.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 10:55
    show ssh2 private-key

    The private key is save in EEPROM. You cannot see it except the above.



  • 5.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 10:55
    X460G2-24t-G4.7 # conf ssl privkey pregenerated ?


  • 6.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 10:55
    thats what happening from the morning. i dont know what content is to be pasted here..i copied from SSH2 private-key which is a long Hex string..
    it will not accept and you can see the Error



  • 7.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 10:55
    that is not a proper PEM format key.

    Refer here for the correct format.

    http://how2ssl.com/articles/working_with_pem_files/



  • 8.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 10:55
    thanks Wong,
    so its should be the client side to provide me with proper digital certificate in which is generally a PEM file ?
    i see no command in XOS which are generate that certificate which will have that proper key.
    or is there a way to generate a free certificate ?


  • 9.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS



  • 10.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 12:10
    Can you get the output of 'show management' and paste it here?


  • 11.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 12:36
    sh man
    CLI idle timeout : Enabled (20 minutes)
    CLI max number of login attempts : 3
    CLI max number of sessions : 8
    CLI paging : Enabled (this session only)
    CLI space-completion : Disabled (this session only)
    CLI configuration logging : Disabled
    CLI password prompting only : Disabled
    CLI RADIUS cmd authorize tokens : 2
    CLI scripting : Disabled (this session only)
    CLI scripting error mode : Ignore-Error (this session only)
    CLI persistent mode : Persistent (this session only)
    CLI prompting : Enabled (this session only)
    CLI screen size : 24 Lines 80 Columns (this session only)
    CLI refresh : Enabled
    Telnet access : Enabled (tcp port 23 vr all)
    : Access Profile : not set
    SSH access : Enabled (Key valid, tcp port 22 vr all)
    : Secure-Mode : Off
    : Access Profile : not set
    SSH2 idle time : 60 minutes
    Web access : Enabled (tcp port 80)
    : Access Profile : not set
    Total Read Only Communities : 1
    Total Read Write Communities : 1
    RMON : Disabled
    SNMP access : Enabled
    : Access Profile : not set
    SNMP Compatibility Options :
    GETBULK Reply Too Big Action : Too Big Error
    IP Fragmentation : Disallow
    SNMP Notifications : Enabled
    SNMP Notification Receivers : None
    SNMP stats: InPkts 0 OutPkts 0 Errors 0 AuthErrors 0
    Gets 0 GetNexts 0 Sets 0 Drops 0
    SNMP traps: Sent 0 AuthTraps Enabled
    SNMP inform: Sent 0 Retries 0 Failed 0
    X460G2-24t-G4.8 #



  • 12.  RE: Proper steps to Enable SSH on 21.1.3.7 or higher XOS

    Posted 07-20-2017 13:44
    It looks like SSH is enabled and has a valid key. Does it let you try to log in and then reject you? Or reject before you can put in your password?