ssh configuration on perimeter router.

bericaleb
Level 1

How do I configure my internet router (perimeter router) to accept SSH from my inside network? The router has an IOS capable of SSH v1 & v2.

12 Replies

mattcalderon
Level 4

This is a fairly simple process.

Check out this well-guided document:

http://www.cisco.com/warp/public/707/ssh.shtml#sshvvs

To enable SSH, besides the commands below, the device hostname and IP domain name must be configured.

Router(config)# ip ssh

(enable SSH)

Router(config)# crypto key generate rsa

(generate SSH key pair to support remote SSH access)

I'm on our inside network and want to SSH to our perimeter router; the message displayed is 'Network error: connection refused'.

Bernadette

I am not sure that we have enough information yet to determine what the problem is. There are several issues that might cause this:

- are the VTY lines of the perimeter router configured to accept SSH?

- is there potentially a version difference? Is your SSH client sending version 2 but the router is expecting version 1, or are you sending version 1 and the router is expecting version 2?

- is there an access class configured on the VTY lines that is not accepting connection requests from your address?

Let's start with some information about the router config, especially the configuration of SSH and of the VTY lines.

HTH

Rick

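As an added example (not from this thread and not Cisco's own code), here is a small Python checker that walks Rick's list above, plus the hostname and domain-name prerequisites from mattcalderon's reply, against a constructed sample running-config. The sample config, the client address and the check wording are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample running-config (not the poster's) that is missing some of the
# SSH prerequisites the replies above list.
SAMPLE_CONFIG = """\
hostname PerimeterRtr
ip ssh version 2
access-list 10 permit 10.0.0.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input telnet
 login local
"""

def acl_permits(config, acl_id, client_ip):
    """Evaluate a standard numbered ACL: first match wins, implicit deny at the end."""
    ip = int(ipaddress.ip_address(client_ip))
    for tok in (ln.split() for ln in config.splitlines()):
        if len(tok) < 4 or tok[:2] != ["access-list", acl_id]:
            continue
        action, src = tok[2], tok[3]
        if src == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:  # "host A", bare "A" (implicit host) or "A wildcard"; wildcard 1-bits are don't-care
            addr = int(ipaddress.ip_address(tok[4] if src == "host" else src))
            wild = 0 if src == "host" or len(tok) < 5 else int(ipaddress.ip_address(tok[4]))
        if (ip & ~wild) == (addr & ~wild):
            return action == "permit"
    return False

def check_ssh(config, client_ip, client_version=2):
    """Return the checklist items (from the replies above) that this config fails."""
    issues = []
    if not re.search(r"^hostname \S+", config, re.M):
        issues.append("hostname not set")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        issues.append("ip domain-name not set (needed before crypto key generate rsa)")
    m = re.search(r"^ip ssh version (\d)", config, re.M)
    if m and int(m.group(1)) != client_version:  # unset means both versions are accepted
        issues.append(f"version mismatch: router only speaks SSHv{m.group(1)}, client sends v{client_version}")
    # Lines indented under 'line vty' form the VTY block (only the first block is inspected)
    vty = re.search(r"^line vty[^\n]*\n((?: [^\n]*\n?)*)", config, re.M)
    body = vty.group(1).split("\n") if vty else []
    if not any(l.split()[:2] == ["transport", "input"] and ({"ssh", "all"} & set(l.split())) for l in body):
        issues.append("vty transport input does not include ssh")
    for l in body:
        if l.split()[:1] == ["access-class"] and not acl_permits(config, l.split()[1], client_ip):
            issues.append(f"access-class {l.split()[1]} does not permit {client_ip}")
    return issues
```

Calling check_ssh(SAMPLE_CONFIG, "192.168.1.20") on the sample reports the missing domain name, the telnet-only transport input and the access-class that excludes that client; fixing those three lines leaves the list empty.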

Hi Rick

Please note: the vty line is configured for SSH, the router is running SSH version 2, the client is running version 2, and there is no access class on the vty lines.

Also note that when I do 'show ssh', it displays:

%No SSHv2 server connections running.

%No SSHv1 server connections running.

why?

Bernadette

It is displaying no server connections running because there are no active SSH connections to the router (router as server when it accepts SSH connections).

If the error message is connection refused rather than could not connect, then probably we can rule out IP connectivity as the cause of the problem. So there is probably something in the router configuration. It might be an interface access list, it might be some kind of RPF check issue, it might be something else. It would be helpful if you would provide the router configuration.

HTH

Rick


Hi Rick

I've attached here the configs for the perimeter router.

Bernadette

Thank you for posting the config. I have looked at it and I wonder if I have found a clue. I see that the description on Fastethernet0/0 indicates that it connects to a firewall. Would I be correct in assuming that this is the interface through which you are attempting SSH? If so I wonder if the firewall is allowing the SSH traffic to go through. Could you run debug for ssh, attempt the connection, and post the output which should indicate whether the request is received?

HTH

Rick


Hi Rick

What you assumed is very true. I ran a debug for ssh on the firewall, but no output is shown when I attempted to SSH to the perimeter router. I'm totally stuck and can't figure it out.

Bernadette

I am glad that my theory of the problem turned out to be correct. Apparently there is some access rule on the firewall that is not permitting the SSH to go through to the perimeter router. Are you the administrator for the firewall or is there someone else who does that?

HTH

Rick


Rick

Thanks for your help. I am the administrator of our firewall. I figured the problem was a wrong IP address in the PuTTY client software. When I corrected it I was able to get through.

Bernadette

I am glad that you got it resolved. Thank you for posting back to the forum to indicate that it was resolved and how you resolved it. It makes the forum more useful when people can read about a problem and can read what did resolve the problem. The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick
