Unable to Log On Using SSH

If you cannot log on using Secure Shell (SSH), perform the following steps.

Procedure

Verify that the network, the switch, and the TACACS+ server is reachable.
Verify whether you configured the SSH client correctly.
Verify whether you enabled and configured the SSH function correctly on the switch:

show ssh global

Example

Verify whether you enabled and configured SSH function correctly on the switch:

Switch:1>enable
Switch:1#show ssh global

Total Active Sessions  : 0
        version            : v2only
        port               : 22
        max-sessions       : 4
        timeout            : 60
        action rsa-keygen  : rsa-keysize 2048
        action dsa-keygen  : dsa-keysize 2048
        rsa-auth           : true
        dsa-auth           : true
        pass-auth          : false
        enable             : true

Job Aid

The following table describes the fields in the output for the show ssh global command.


Parameter	Description
Total active sessions	Specifies the number of active SSH sessions underway.
version	Specifies if SSH is version 1 or version 2. The default is v2. As a best practice, configure the version to v2 only.
port	Specifies the SSH connection port. The default is 22. You cannot configure the following TCP ports as SSH connection ports: 0 to 1024 (except port 22), 1100, 4095, 5000, 5111, 6000, or 999.
max-sessions	Specifies the maximum number of SSH sessions allowed. The default is 4.
timeout	Specifies the SSH connection authentication timeout in seconds. The default is 60 seconds.
action rsa-keygen	Specifies the SSH RSA key size.
action dsa-keygen	Specifies the SSH DSA key size.
rsa-auth	Specifies if RSA authentication is enabled or disabled. The default is enabled.
dsa-auth	Specifies if DSA authentication is enabled or disabled. The default is enabled.
pass-auth	Specifies if password authentication is enabled or disabled. The default is enabled.
enable	Specifies if SSH secure mode is enabled. False is disabled. Secure is enabled.