Comware

 View Only
last person joined: yesterday 

Back to discussions
Expand all | Collapse all

Unable to ssh to IRF stack

This thread has been viewed 0 times

  • 1.  Unable to ssh to IRF stack

    Posted Feb 06, 2018 10:47 AM

    Hi all,

    we have 4switches configured in IRF stack.

    everything is working fine though we're unable to ssh into it. We already had enabled ssh from serial and assigned network admin roles to our users.

    during connection to the switch we reiceved this error message:

    "Connection to 10.128.101.1 closed by remote host.
    Connection to 10.128.101.1 closed."

    this is the actual configuration of the stack:

     sysname HPE 
# 
clock timezone Lisbon add 00:00:00 
clock protocol none 
# 
irf mac-address persistent timer 
irf auto-update enable 
undo irf link-delay 
irf member 1 priority 32 
irf member 2 priority 31 
irf member 3 priority 30 
irf member 4 priority 29 
# 
lldp global enable 
# 
password-recovery enable 
# 
vlan 1 
# 
irf-port 1/1  
#
 scheduler logfile size 16 
# 
line class aux 
user-role network-admin 
# 
line class vty 
user-role network-operator 
# 
line aux 0 3 
user-role network-admin 
# 
line vty 0 63 
user-role network-operator 
# 
ssh server enable 
sftp server enable 
ssh user admin service-type all authentication-type password 
ssh user prisma service-type all authentication-type password 
scp server enable 
# 
ntp-service source Vlan-interface1 
# 
radius scheme system 
user-name-format without-domain 
# 
domain system 
# 
domain default enable system 
# 
role name level-0 
description Predefined level-0 role 
# 
role name level-1 
description Predefined level-1 role 
# 
role name level-2 
description Predefined level-2 role 
# 
role name level-3 
description Predefined level-3 role 
# 
role name level-4 
description Predefined level-4 role 
# 
role name level-5 
description Predefined level-5 role 
# 
role name level-6 
description Predefined level-6 role 
# 
role name level-7 
description Predefined level-7 role 
# 
role name level-8 
description Predefined level-8 role 
# 
role name level-9 
description Predefined level-9 role 
# 
role name level-10 
description Predefined level-10 role 
# 
role name level-11 
description Predefined level-11 role 
# 
role name level-12 
description Predefined level-12 role 
# 
role name level-13 
description Predefined level-13 role 
# 
role name level-14 
description Predefined level-14 role 
# 
user-group system 
# 
local-user admin class manage 
password hash ********
service-type ssh telnet terminal http https 
authorization-attribute user-role security-audit 
password-control aging 365 
password-control login-attempt 10 exceed lock-time 1 
# 
local-user prisma class manage 
password hash ************************* 
service-type ssh telnet terminal http https 
authorization-attribute user-role level-3 
authorization-attribute user-role network-admin 
authorization-attribute user-role network-operator 
password-control aging 365 
password-control login-attempt 10 exceed lock-time 1 
# 
ftp server enable 
# 
ip http enable 
# 
return

    thanks in advance.

    Best regards


    #ssh


  • 2.  RE: Unable to ssh to IRF stack

    EMPLOYEE
    Posted Feb 06, 2018 03:54 PM

    Stefano,

    You are missing authenticaion-mode scheme on a line vty.

    Did you generate the public keys?  If not, use the public-key local create command.

    David