ssh configuration on perimeter router.

Answered Question
Apr 3rd, 2008

How do I configure my internet router (perimeter router) to accept ssh from my inside network? The router has an IOS capable of ssh v1 & 2.

lamav Thu, 04/03/2008 - 19:24

To enable SSH, besides the command below, the device hostname and ip domain name must be configured.


Router(config)# ip ssh

(enable SSH)


Router(config)# crypto key generate rsa

(generate SSH key pair to support remote SSH access)




bericaleb Sun, 04/06/2008 - 16:32

I'm on our inside network and want to ssh to our perimeter router. The message displayed is 'Network error: connection refused'.

Richard Burts Sun, 04/06/2008 - 16:57

Bernadette


I am not sure that we have enough information yet to determine what the problem is. There are several issues that might cause this:

- are the VTY lines of the perimeter router configured to accept SSH?

- is there potentially a version difference? Is your SSH client sending version 2 but the router is expecting version 1, or are you sending version 1 and the router is expecting version 2?

- is there an access class configured on the VTY lines that is not accepting connection requests from your address?


Let's start with some information about the router config - especially the configuration of SSH and of the VTY lines.


HTH


Rick
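
The prerequisites lamav lists and the three checks in the reply above, put together as an added example (not configuration posted by anyone in this thread). The hostname, domain name, username, ACL number and the 192.0.2.0/24 inside network are constructed placeholders.

```cisco
! Constructed example: all names, the ACL number and 192.0.2.0/24 are placeholders.
configure terminal
 ! Prerequisites: the RSA key pair is named from hostname + domain name.
 hostname perimeter-rtr
 ip domain-name example.com
 crypto key generate rsa modulus 2048
 !
 ! Check 2 (version mismatch): pin the server to SSHv2 so a v1 client
 ! is refused by design rather than by surprise.
 ip ssh version 2
 !
 ! Local account used by "login local" on the VTY lines.
 username admin secret <placeholder-password>
 !
 ! Check 3 (access class): permit only the inside network to reach the VTYs.
 access-list 10 permit 192.0.2.0 0.0.0.255
 !
 ! Check 1 (VTY transport): accept SSH only, which also disables Telnet.
 line vty 0 4
  transport input ssh
  login local
  access-class 10 in
 end
!
! Verification from privileged EXEC mode:
! server state and negotiated version
show ip ssh
! transport input and access-class on the VTY lines
show running-config | begin line vty
! hit counters on the permit entry after a connection attempt
show access-lists 10
! active sessions only; empty output does not mean the server is off
show ssh
```

If `show access-lists 10` shows no new matches after a connection attempt, the request never reached the router, which points at the client's target address or a device in the path rather than the router's SSH configuration.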

bericaleb Sun, 04/06/2008 - 17:35

Hi Rick


Please note: the vty line is configured for SSH, the router is running ver 2 ssh, the client is running ver 2, and there is no access class on the vty lines.

Also note when I do show ssh, it's displaying

%No SSHv2 server connections running.

%No SSHv1 server connections running.

Why?



Richard Burts Sun, 04/06/2008 - 17:54

Bernadette


It is displaying no server connections running because there are no active SSH connections to the router (router as server when it accepts SSH connections).


If the error message is connection refused rather than could not connect, then probably we can rule out IP connectivity as the cause of the problem. So there is probably something in the router configuration. It might be an interface access list, it might be some kind of RPF check issue, it might be something else. It would be helpful if you would provide the router configuration.


HTH


Rick

Richard Burts Sun, 04/06/2008 - 18:31

Bernadette


Thank you for posting the config. I have looked at it and I wonder if I have found a clue. I see that the description on Fastethernet0/0 indicates that it connects to a firewall. Would I be correct in assuming that this is the interface through which you are attempting SSH? If so I wonder if the firewall is allowing the SSH traffic to go through. Could you run debug for ssh, attempt the connection, and post the output which should indicate whether the request is received?


HTH


Rick

bericaleb Mon, 04/14/2008 - 19:03

Hi Rick


What you assumed is very true. I ran a debug for ssh on the Firewall but no output is shown when I attempted ssh to the perimeter router. I'm totally stuck and can't figure it out.

Richard Burts Tue, 04/15/2008 - 07:38

Bernadette


I am glad that my theory of the problem turned out to be correct. Apparently there is some access rule on the firewall that is not permitting the SSH to go through to the perimeter router. Are you the administrator for the firewall or is there someone else who does that?


HTH


Rick

bericaleb Sun, 04/20/2008 - 14:03

Rick


Thanks for your help. I am the administrator of our firewall. I figured the problem was a wrong IP address on the PuTTY client software. When I corrected it I was able to get through.

Correct Answer
Richard Burts Mon, 04/21/2008 - 03:26

Bernadette


I am glad that you got it resolved. Thank you for posting back to the forum to indicate that it was resolved and how you resolved it. It makes the forum more useful when people can read about a problem and can read what did resolve the problem. The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.


HTH


Rick
