SSH router to router

Answered Question
Aug 22nd, 2007
User Badges:

I have the line ports on a couple of routers to allow for SSH only access which works just fine when I SSH from a PC. The routers have a crypto key generated and ACS is the tacacs server for authentication. The routers also have a local username/password for when the ACS is not available.


However once I'm SSH'd into one of the routers I'd like to be able to SSH from that router to another router.


What do I need to do to be able to do that?


Here is the config I have right now:


username xxxxxx password 7 xxxxxxxxx

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login vty line

aaa authentication login console line

aaa authentication enable default group tacacs+ enable

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+


ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2


line vty 0 4

password xxx

transport input ssh

line vty 5 15

password xxx

transport input ssh



Correct Answer by Richard Burts about 9 years 11 months ago

Jim


I am not sure that you need to do anything else. It may depend on the version of code but the IOS that I am running supports both SSH server (SSH to the router) and SSH client (SSH from the router to somewhere else).


lab_1841>ssh 10.26.0.1


Password:


router>


HTH


Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Richard Burts Wed, 08/22/2007 - 07:57
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Jim


I am not sure that you need to do anything else. It may depend on the version of code but the IOS that I am running supports both SSH server (SSH to the router) and SSH client (SSH from the router to somewhere else).


lab_1841>ssh 10.26.0.1


Password:


router>


HTH


Rick

jkeeffe Wed, 08/22/2007 - 08:16
User Badges:

How simple is that! I tested it and it worked great. For some reason I was trying 'telnet xxx.xxx.xxx.xxx 22' instead of actually using the ssh command.


Thanks!

Richard Burts Wed, 08/22/2007 - 08:24
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Jim


I love it when things are simple and they "just work".


Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read about a question and can know that they will read responses that successfully resolved the question. I encourage you to continue your participation in the forum.


HTH


Rick

Actions

This Discussion