Adding ssh and deleting telnet

glen.grant
VIP Alumni

Can anyone briefly tell me how to do this without hanging myself out of the box? We have basically been tasked with adding SSH access on both IOS and CatOS boxes. I have read through the Cisco documents, but it's not entirely clear what needs to be done, especially on CatOS. Can you enable SSH on a CatOS box without having to use permit lists? Also, on IOS, how do you restrict access to SSH only without hanging yourself out of the box? Do you have to enable SSH and then go back and remove the transport input telnet command after the fact? Our first problem is going to be that we have to upgrade hundreds of boxes in order to even run this. Just thought maybe someone could put this in plain English instead of overly complicated Ciscospeak. Thanks for any help ....

6 Replies

royalblues
Level 10

Glenn,

You should first complete the configuration of prerequisites such as domain name, key length etc. for SSH. This will also include checks for IOS supporting SSH.

After this you can just telnet to each box and issue the transport input ssh command.

This disables telnet but does not lock out your current session. All new sessions, however, need to be SSH.

If you have 100 devices, a script or CiscoWorks NetConfig would help.

I am not sure about CatOS, as currently none of my CatOS devices have the cryptographic images to support SSH.

HTH, rate if it does

Narayan

Glen,

You have to enable "ip permit list" on CatOS boxes to configure SSH. Also, on the Cat4000, CatOS supports only SSH ver1; SSH ver2 is not supported. If you have a Cat6500 with CatOS, SSH ver2 is supported starting with 8.3.x.

Please see the link below for config:

http://www.cisco.com/en/US/customer/tech/tk583/tk617/technologies_tech_note09186a0080094314.shtml

As posted by Narayan, it's better to push some script using CiscoWorks if you have a lot of devices to configure.

-amit singh

In playing with SSH on a CatOS box, it appears that though you can SSH into a CatOS box, you cannot SSH from a CatOS box to another box, as the ssh command is not present even in the crypto version of the code. Does this sound correct?

Glen,

For initiating an SSH from a Cisco device you would require the SSH client. This feature was introduced in the IOS software, but I don't think they did it for CatOS.

Narayan

OK, thanks for confirming. I don't see any way to SSH directly from a CatOS switch; yes, IOS does have it built in.

griffijo
Level 1

I'd just expand on what someone else said: you can use the "transport input all" command and then confirm SSH is working; this way you can always telnet if there is anything wrong. Once you're sure everything is okay, you can change that to "transport input ssh", which effectively turns off telnet access.
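
An added example, not part of the thread or any poster's code: for the "hundreds of boxes" case, a Python audit that reads saved IOS running-config text and reports which vty ranges still accept telnet and whether the domain-name prerequisite is set. The device names and config excerpts are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample running-config excerpts (not taken from the thread).
SAMPLE_CONFIGS = {
    "sw-staged": """\
ip domain-name example.net
line vty 0 4
 transport input all
line vty 5 15
 transport input ssh
""",
    "sw-legacy": """\
line vty 0 4
 transport input telnet
""",
}

def audit_vty(config):
    """Return (has_domain_name, {vty_range: state}) for one IOS config text."""
    has_domain = re.search(r"^ip domain[- ]name \S+", config, re.M) is not None
    states, current = {}, None
    for line in config.splitlines():
        m = re.match(r"line vty (\d+(?: \d+)?)\s*$", line)
        if m:
            current = m.group(1)
            # No explicit "transport input" yet: the effective default depends
            # on the IOS version, so it must be checked on the device itself.
            states[current] = "default"
        elif line and not line.startswith(" "):
            current = None  # a top-level command ends the vty block
        elif current and line.strip().startswith("transport input "):
            protos = set(line.split()[2:])
            if protos == {"ssh"}:
                states[current] = "ssh-only"
            elif protos & {"telnet", "all"}:
                states[current] = "telnet-allowed"
            else:
                states[current] = "other"
    return has_domain, states

def summarize(configs):
    """Map device name -> findings that still need attention before cut-over."""
    report = {}
    for name, text in configs.items():
        has_domain, states = audit_vty(text)
        findings = [] if has_domain else ["no ip domain-name (SSH prerequisite)"]
        findings += [f"vty {r}: {s}" for r, s in states.items() if s != "ssh-only"]
        report[name] = findings
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_CONFIGS))
```

A device with an empty findings list has every vty range set to "transport input ssh"; anything still listed is either staged with "transport input all" or not yet converted.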
