cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1975
Views
0
Helpful
7
Replies

LMS Telnet / SSH Access

srowles
Level 1
Level 1

Hi

I want to enable SSH access to my switches and disable telnet access. Do I need to allow telnet access still from my CiscoWorks LMS server or will the LMS server be able to carry out all necessary tasks with telnet disabled.

1 Accepted Solution

Accepted Solutions

You are correct, Check Device Attributes does not use SSH

Try Netconfig or Network Show and see if these work.

These are the only two applications within RME that do not use SNMP / TFTP.

View solution in original post

7 Replies 7

nhabib
Level 9
Level 9

Both LMS 2.2 and 2.5 will use SSH if Telnet fails (and vice versa)

What version are you running?

Hi nhabib and thanks for the reply.

We are running LMS 2.2.

We also have an ACS server authenticating and authorizing. I am assuming then that if I enable SSH, when specifying the device attributes the following settings will be OK:

Read Community

Write Community

Telnet

Enable Secret

Enable

TACACS

Local User

Basically then, with telnet disabled on the switches and SSH enabled, when LMS attempts to perform an operation that requires a login session to the switch it will use my TACACS specified username and password to gain SSH access (Is that correct ?).

You are correct. You may also go to RME -> Admin -> Config Management -> General Setup and move SSH to the top of the list.

Keep in mind that LMS 2.2 does not support SSH version 2

Hi again

I have now enabled SSH on one of my switches (and disabled telnet access) and it seems to be working OK. RME can still download config files from this switch. I am wondering however if disabling telnet will affect any othere neccesary tasks that LMS needs to perform . I have tested the device atributes that I have configured against this switch and now the TACACS, TACACS Enable and Local User attributes all fail the test. I presume this is because the test is being performed using telnet.

You are correct, Check Device Attributes does not use SSH

Try Netconfig or Network Show and see if these work.

These are the only two applications within RME that do not use SNMP / TFTP.

Thanks again for the info :-)

Hi, It´s me again.

I seem to be having a problem with software distribution. I get a an error specifying that RME could not connect using Telnet. I can see no option to use SSH under Administration > Software Management > Preferences (only an option to "Use RCP for image transfer (When applicable) ").

Could it be that the software distribution part of RME needs to have telnet enabled or perhaps I´m missing a config option for SSH.

Thanks in advance (again).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco