Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 851 change default SSH port

I have this Cisco 851, nothing fancy:

c851-xxxxxx(config-line)#do sh run | b line vty 0 4

line vty 0 4

exec-timeout 7 0

privilege level 15

login local

transport preferred ssh

transport input telnet ssh

I'm trying to change ssh port to something >1024 with rotary groups:

c851-xxxxx(config-line)#line vty 0 4

c851-xxxxx(config-line)#rotary 1

X121 address and queued type can not be configured on the same rotary group 1

c851-xxxxx(config-line)#rotary 2

X121 address and queued type can not be configured on the same rotary group 2

c851-xxxxx(config-line)#rotary 3

X121 address and queued type can not be configured on the same rotary group 3

Works on a 2811 with advipservices:

ip ssh port 4343 rotary 1

!

line vty 5

exec-timeout 5 0

rotary 1

transport input ssh

My 851 is running advsecurityk9.

Is there any way around this? Thanks.

2 REPLIES
Bronze

Re: Cisco 851 change default SSH port

Yeah, you should be able to do this. Basic idea is to convert the 871 console into an aux with "modem enable", then use the "ssh terminal-line access" feature to enable "reverse SSH" into the 2800 console.

The config would go something like this:

username fred pass 0 FLINTSTONE

crypto key generate rsa

ip ssh port 2000 rotary 1

ip ssh break-string

line con 0

modem enable

line aux 0

no exec

transport input ssh

rotary 1

login

then, to do the "reverse ssh" out the aux 0:

$ ssh -l fred -p 2000 ip.addr.of.871

New Member

Re: Cisco 851 change default SSH port

Should work on paper but as soon as i reach

c851-bacau(config-line)#line aux 0

c851-bacau(config-line)#rotary 1

X121 address and queued type can not be configured on the same rotary group 1

I get the dreaded X121 error.

Maybe the advsecurity IOS is a no go for this.

2509
Views
0
Helpful
2
Replies
CreatePlease to create content