Occasional Contributor
Posts: 17
Registered: ‎08-09-2013

Unable to authenticate via SSH


Hello Everyone,

  This is my first time using a Brocade router. Traditionally I have been immersed in Juniper and Cisco appliances. So far I am impressed with Brocade hardware. However, I have found myself defeated by my own lack of knowledge surrounding Brocade's syntax.

  In this instance, I am having difficulty enabling local authentication for SSH. After following the information in the PDF "Brocade MLX Series and NetIron Family Configuration Guide, 05.4.00a", I figured it would have been easy.... I mean.. setting up ssh tends to be pretty straightforward ...

I've created users, admin and admin2 locally in an attempt to debug my authentication attempts.

Syslog shows the following for my login attempt:

Aug 27 19:49:02 yuledge-1.DOMAIN.local Security: SSH access by user admin2 from src IP 10.3.X.X rejected, 1 attempt(s)

telnet@NetIron CER 2024C-4X#show ip ssh config
SSH server                 : Enabled
SSH port                   : tcp\22
Host Key                   : DSA 1024, RSA 2048
Encryption                 : AES-256, AES-192, AES-128, 3-DES
Permit empty password      : No
Authentication methods     : Password, Public-key, Interactive
Authentication retries     : 3
Login timeout (seconds)    : 120
Idle timeout (minutes)     : 0
Strict management VRF      : Disabled
SCP                        : Enabled
SSH IPv4 clients           : All
SSH IPv6 clients           : All
SSH IPv4 access-group      :
SSH IPv6 access-group      :
SSH Client Keys            :
telnet@NetIron CER 2024C-4X#

Has anyone else run into this?

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Unable to authenticate via SSH

My guess is you have forgotten to generate the crypto keys.

From config level enter "crypto key gen".

Occasional Contributor
Posts: 17
Registered: ‎08-09-2013

Re: Unable to authenticate via SSH

Hello Michael,

  Thank-you kindly for your reply.

  I have created the crypto key as outlined in the documentation.

telnet@NetIron CER 2024C-4X(config)#crypto key generate rsa modulus

Key already exists. Please zeroize it.
telnet@NetIron CER 2024C-4X(config)#crypto key generate dsa

Key already exists. Please zeroize it.
telnet@NetIron CER 2024C-4X(config)#crypto key generate

Key already exists. Please zeroize it.
telnet@NetIron CER 2024C-4X(config)#

Typically setting up the SSH server is something very straightforward and simple..... this is why I'm thinking I must be missing something... like ssh user authentication local or something along those lines...

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Unable to authenticate via SSH

Sorry, I am not near a computer to tell you exactly.

First gen keys - you have done that

Then create local usernames - again done

Set AAA to use local usernames?

Something like

AAA authen default local  AAA authen login default local (as Charles states in the next post this is the correct command)

Also, if you search these communities for ssh config, you will find a few posts that go over it step by step - my phone will not let me copy the link directly.

Thanks

Michael.

Occasional Contributor
Posts: 17
Registered: ‎08-09-2013

Re: Unable to authenticate via SSH

Hello Michael and other random viewers,

  I answered my own question! The documentation is correct, once you have your DSA and RSA keys set up, the SSH server is enabled. However, the user experience itself is not complete. As noted in my previous post, I knew I was missing something..... writing it out I kinda did a #facepalm and realized that I didn't specify *where* to authenticate.

The following line enables the SSH server to authenticate locally

aaa authentication login default local

Cheers,
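
The checklist this thread worked through (host keys, local usernames, AAA login method), written as a small Python check over the `show ip ssh config` output and the running configuration. This is an added example, not part of the original posts and not Brocade's code; the sample inputs are constructed, and the `username ... password .....` line format and all function names are assumptions.

```python
import re

# Constructed sample input: "show ip ssh config" fields in the layout shown in
# this thread, and a running-config excerpt (username line format is assumed).
SHOW_IP_SSH = """\
SSH server                 : Enabled
Host Key                   : DSA 1024, RSA 2048
Permit empty password      : No
Authentication methods     : Password, Public-key, Interactive
"""
CONFIG_BEFORE = "username admin2 password .....\n"
CONFIG_AFTER = CONFIG_BEFORE + "aaa authentication login default local\n"

def parse_show_ip_ssh(text):
    """Turn 'Name : value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:  # prompt lines without a colon are skipped
            fields[name.strip().lower()] = value.strip()
    return fields

def login_methods(running_config):
    """Return the methods listed on 'aaa authentication login default', or []."""
    m = re.search(r"^\s*aaa authentication login default\s+(.+)$",
                  running_config, re.M | re.I)
    return m.group(1).split() if m else []

def diagnose(show_text, running_config):
    """List the reasons a local-password SSH login would be rejected."""
    ssh = parse_show_ip_ssh(show_text)
    problems = []
    if ssh.get("ssh server") != "Enabled":
        problems.append("SSH server is not enabled")
    if not ssh.get("host key"):
        problems.append("no host key generated")
    if "Password" not in ssh.get("authentication methods", ""):
        problems.append("password authentication is not offered")
    if not re.search(r"^\s*username\s+\S+", running_config, re.M):
        problems.append("no local usernames defined")
    if "local" not in login_methods(running_config):
        problems.append("'aaa authentication login default' does not include local")
    return problems

if __name__ == "__main__":
    print("before:", diagnose(SHOW_IP_SSH, CONFIG_BEFORE))
    print("after: ", diagnose(SHOW_IP_SSH, CONFIG_AFTER))
```

With the constructed inputs, the only finding before the fix is the missing AAA login method, which matches the state described in the first post: keys and users present, logins still rejected.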

Occasional Contributor
Posts: 17
Registered: ‎08-09-2013

Re: Unable to authenticate via SSH

Hello Michael,

  Thank-you very much for your reply. I just saw the update as I posted my own reply. After writing out "this is why I'm thinking I must be missing something... like ssh user authentication local or something along those lines..." I realized that I wasn't giving the router instructions on where to authenticate!

  I greatly appreciate your input and thanks for helping me jog through this simple trouble.

Respectfully,

Charles

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Unable to authenticate via SSH

Most welcome Charles, and welcome to the Brocade community.
