SSH from Cisco Router to another Cisco Router

Answered Question
Apr 26th, 2010

I believe I already know what the issue is but wanted to confirm.

I recently changed the configuration of the routers so that all incoming SSH connections can only be done via the specified port:

ip ssh port xxxx rotary 10

Created an ACL and everything works beautifully with PuTTY. When I try to SSH from a router to another router, it sits there; the ACL permits the connection but nothing happens.

I use ssh -p xxxx NAME.

I assume this is because of the cert not being recognized by the connecting router?

Correct Answer
Ganesh Hariharan Tue, 04/27/2010 - 23:56

Yes I did.  I tried ssh -l username -p xxxx ipaddress

Hi,

What is the IOS version and model name?

Ganesh.H

m.kafka Wed, 05/26/2010 - 10:55

Hi,

I'm afraid you misunderstood the purpose of ip ssh port:

To enable secure access to tty (asynchronous) lines, use the ip ssh port command in global configuration mode. To disable this functionality, use the no form of this command.

ip ssh port port-num rotary group

no ip ssh port port-num rotary group

The result of your command

ip ssh port xxxx rotary 10

is that incoming SSH sessions destined to your secret port xxxx will be forwarded to a vacant async interface belonging to rotary group 10. That is: anything you type into your SSH client will be sent out as an asynchronous character to the async interface to which the SSH session is connected. Now I assume that you don't have

What you might want to try is the command rotary, which allows you to put a vty into a rotary group:

line vty 2 4
 rotary 10
 login local 

Rgds, MiKa

Message was edited by: m.kafka (added line vty rotary)
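
An added example, not part of m.kafka's post or any Cisco tool: a small Python check that reads a running-config and reports which lines, if any, have joined the rotary group named by ip ssh port. The sample configs are constructed, port 2222 stands in for the undisclosed xxxx, and the parsing assumes the plain running-config layout shown in the thread.

```python
import re

# Constructed sample running-config fragments (not from the thread).
# Port 2222 is a placeholder for the poster's undisclosed "xxxx".
CONFIG_NO_MEMBER = """\
ip ssh port 2222 rotary 10
line con 0
line vty 0 4
 login local
 transport input ssh
"""

CONFIG_VTY_MEMBER = """\
ip ssh port 2222 rotary 10
line con 0
line vty 0 1
 login local
line vty 2 4
 rotary 10
 login local
"""

SSH_PORT_RE = re.compile(r"^ip ssh port (\d+) rotary (\d+)\s*$")
LINE_RE = re.compile(r"^line (\w+) (\d+)(?: (\d+))?\s*$")
ROTARY_RE = re.compile(r"^\s+rotary (\d+)\s*$")

def rotary_members(config):
    """Map rotary group -> list of (line type, first, last) that joined it."""
    members, current = {}, None
    for raw in config.splitlines():
        m = LINE_RE.match(raw)
        if m:
            first = int(m.group(2))
            current = (m.group(1), first, int(m.group(3) or first))
        elif raw and not raw[0].isspace():
            current = None  # a new global command closes the line block
        elif current and (r := ROTARY_RE.match(raw)):
            members.setdefault(int(r.group(1)), []).append(current)
    return members

def audit_ssh_ports(config):
    """For each 'ip ssh port', report which lines belong to its rotary group."""
    members = rotary_members(config)
    findings = []
    for raw in config.splitlines():
        if m := SSH_PORT_RE.match(raw):
            port, group = int(m.group(1)), int(m.group(2))
            findings.append((port, group, members.get(group, [])))
    return findings
```

An empty member list in a finding means no line in the config has been placed in that rotary group.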
