Cisco 851 change default SSH port

Unanswered Question
Nov 12th, 2007
User Badges:

I have this Cisco 851, nothing fancy:


c851-xxxxxx(config-line)#do sh run | b line vty 0 4


line vty 0 4

exec-timeout 7 0

privilege level 15

login local

transport preferred ssh

transport input telnet ssh



I'm trying to change ssh port to something >1024 with rotary groups:


c851-xxxxx(config-line)#line vty 0 4

c851-xxxxx(config-line)#rotary 1

X121 address and queued type can not be configured on the same rotary group 1

c851-xxxxx(config-line)#rotary 2

X121 address and queued type can not be configured on the same rotary group 2

c851-xxxxx(config-line)#rotary 3

X121 address and queued type can not be configured on the same rotary group 3



Works on a 2811 with advipservices:


ip ssh port 4343 rotary 1

!

line vty 5

exec-timeout 5 0

rotary 1

transport input ssh


My 851 is running advsecurityk9.

Is there any way around this? Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
htarra Fri, 11/16/2007 - 06:54
User Badges:
  • Bronze, 100 points or more

Yeah, you should be able to do this. Basic idea is to convert the 871 console into an aux with "modem enable", then use the "ssh terminal-line access" feature to enable "reverse SSH" into the 2800 console.

The config would go something like this:

username fred pass 0 FLINTSTONE

crypto key generate rsa

ip ssh port 2000 rotary 1

ip ssh break-string


line con 0

modem enable

line aux 0

no exec

transport input ssh

rotary 1

login


then, to do the "reverse ssh" out the aux 0:


$ ssh -l fred -p 2000 ip.addr.of.871


kamikatze Fri, 11/16/2007 - 12:44
User Badges:

Should work on paper but as soon as i reach


c851-bacau(config-line)#line aux 0

c851-bacau(config-line)#rotary 1

X121 address and queued type can not be configured on the same rotary group 1


I get the dreaded X121 error.

Maybe the advsecurity IOS is a no go for this.

Actions

This Discussion