I'm trying to change the SSH port on my Cisco 850 (IOS v12.4(4)T4).
I found the following instructions: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804831de.html#wp1020480
But the more I read on this, the more I think that is just talking about reverse SSH.
I want to change the port the router listens for SSH sessions on. Is this possible? Should I just forward an outside port to the internal IP address on port 22?
I have a Cisco 800 Series router running 12.3(7)T7 and have been successful in changing my SSH port using something similar to the information provided in the link that you referenced.
I don't recall where I found the config info, but here it is:
Router(config)# ip ssh port 2229 rotary 62
Router(config)# access-list 129 permit tcp x.x.x.x 0.0.0.x any eq 2229
Router(config)# line vty 0 4
Router(config-line)# access-class 129 in
The first line sets the SSH port to 2229 -- pick any port that doesn't conflict with something important.
The rotary group is arbitrary and is NOT tied to a specific VTY line number.
The access list prevents any other ports from accessing the router -- fill in the appropriate subnet and wildcard mask.
That's all there is to it. I've tried several simultaneous sessions using the same port number without a problem.
The one thing to watch out for is AAA. If you follow the example shown in your link using the statement "login authentication default", you must enable AAA using "aaa new-model" and follow with a command specifying where the password(s) will be checked.
This could be "aaa authentication login default group tacacs+ local" if you're using a TACACS+ server with a fallback to the local database on the router, or something as simple as "aaa authentication login default local" to use the local database on the router.
Hope this helps!!
Please provide feedback so that I know whether or not this worked for you.
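
The AAA and access-list dependencies described in the answer above can be checked mechanically before a change locks you out of the vty lines. The following Python sketch is an added example, not part of the original thread and not Cisco code; the sample config, the 192.0.2.0 subnet and the helper names `first_group` and `audit` are constructed for illustration.

```python
import re

# Constructed running-config: the answer's commands plus the linked guide's
# "login authentication default", with AAA never enabled. The 192.0.2.0
# subnet stands in for the x.x.x.x placeholder in the post.
SAMPLE_CONFIG = """\
ip ssh port 2229 rotary 62
access-list 129 permit tcp 192.0.2.0 0.0.0.255 any eq 2229
line vty 0 4
 access-class 129 in
 login authentication default
"""

def first_group(pattern, items):
    """Return group(1) of the first item matching pattern, else None."""
    for item in items:
        m = re.match(pattern, item)
        if m:
            return m.group(1)
    return None

def audit(config):
    """Hypothetical helper: list problems in the alternate-SSH-port setup."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    top = [l for l in lines if not l.startswith(" ")]
    vty, in_vty = [], False
    for l in lines:                      # collect sub-commands of "line vty" blocks
        if not l.startswith(" "):
            in_vty = l.startswith("line vty")
        elif in_vty:
            vty.append(l.strip())
    findings = []
    port = first_group(r"ip ssh port (\d+) rotary \d+$", top)
    if port is None:
        findings.append("no 'ip ssh port <n> rotary <group>' statement")
    acl = first_group(r"access-class (\d+) in$", vty)
    if acl is None:
        findings.append("vty lines have no inbound access-class")
    elif port and not first_group(rf"(access-list {acl} permit tcp .* eq {port})$", top):
        findings.append(f"access-list {acl} has no permit entry for tcp port {port}")
    method_list = first_group(r"login authentication (\S+)$", vty)
    if method_list:
        if "aaa new-model" not in top:
            findings.append("login authentication is set but 'aaa new-model' is missing")
        if not any(l.startswith(f"aaa authentication login {method_list} ") for l in top):
            findings.append(f"no 'aaa authentication login {method_list} ...' method list")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the constructed sample, it reports the two AAA gaps; adding `aaa new-model` and `aaa authentication login default local` to the config clears them.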