Adding ssh and deleting telnet

May 4th, 2007

Can anyone briefly tell me how to do this without hanging myself out of the box? We have basically been tasked with adding ssh access on both IOS and CatOS boxes. I have read through the Cisco documents but it's not entirely clear what needs to be done, especially on CatOS. Can you enable SSH on a CatOS box without having to use permit lists? Also, on IOS, how do you restrict access to ssh only without hanging yourself out of the box? Do you have to enable SSH and then go back and remove the transport input telnet command after the fact? Our first problem is going to be that we have to upgrade hundreds of boxes in order to even run this. Just thought maybe someone could put this in plain English instead of overly complicated ciscospeak. Thanks for any help.

royalblues Fri, 05/04/2007 - 04:54


You should first complete the configuration of prerequisites such as domain name, key length etc. for SSH. This will also include checks for IOS supporting SSH.

After this you can just telnet to each box and issue the transport input ssh command.

This disables the telnet but does not lock out your current session. All new sessions, however, need to be SSH.

If you have 100 devices, a script or CiscoWorks NetConfig would help.

I am not sure about CatOS, as currently none of my CatOS devices have the cryptographic images to support SSH.

HTH, rate if it does
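An added example, not part of the original thread: when the change is pushed to many devices by script, a small offline check over saved running-configs can confirm which vty line blocks still accept telnet and whether the hostname and domain-name prerequisites are present. The sample config, function names and status labels are constructed for illustration; RSA keys do not appear in the running-config, so key presence still has to be checked on the device.

```python
import re

# Constructed running-config excerpt for illustration (not from the thread).
SAMPLE_CONFIG = """\
hostname edge-sw1
ip domain-name example.net
ip ssh version 2
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
!
end
"""

def audit_vty(config):
    """Map each 'line vty' block to ssh-only, telnet-allowed, other or unset."""
    results, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            # A new line block starts; track it only if it is a vty block.
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                # No explicit transport input yet: the default depends on
                # the software release, so 'unset' means "review by hand".
                results[current] = "unset"
        elif current and raw.startswith(" "):
            m = re.match(r"\s+transport input\s+(.+)", raw)
            if m:
                protos = set(m.group(1).split())
                if protos & {"telnet", "all"}:
                    results[current] = "telnet-allowed"
                elif protos == {"ssh"}:
                    results[current] = "ssh-only"
                else:
                    results[current] = "other"
        else:
            current = None  # any unindented line ends the block
    return results

def missing_prereqs(config):
    """List the SSH prerequisites that are visible in a config but absent."""
    checks = {"hostname": r"^hostname \S+",
              "ip domain-name": r"^ip domain[- ]name \S+"}
    return [n for n, pat in checks.items() if not re.search(pat, config, re.M)]
```

Any block reported as telnet-allowed or unset is a device to revisit after the rollout; a non-empty missing_prereqs list means the device is not ready for the transport input ssh step.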


Amit Singh Fri, 05/04/2007 - 07:24


You have to enable "ip permit list" on CatOS boxes to configure SSH. Also, on Cat4000, CatOS supports only SSH ver1; SSH ver2 is not supported. If you have a Cat6500 with CatOS, SSH ver2 is supported starting with 8.3.x.

Please see the link below for config:

As posted by Narayan, it's better to push some script using CiscoWorks if you have a lot of devices for configuration.

-amit singh

glen.grant Fri, 05/04/2007 - 12:16

In playing with ssh on a CatOS box, it appears that though you can ssh into a CatOS box, you cannot ssh from a CatOS box to another box, as the ssh command is not present even in the crypto version of the code. Does this sound correct?

royalblues Sat, 05/05/2007 - 04:36


For initiating an SSH session from a Cisco device you would require the SSH client. This feature was introduced in the IOS software but I don't think they did it for CatOS.


glen.grant Sat, 05/05/2007 - 09:07

OK, thanks for confirming. Don't see any way to ssh directly from a CatOS switch; yes, IOS does have it built in.

