10-07-2005 06:20 AM
Hi
I want to enable SSH access to my switches and disable telnet access. Do I need to allow telnet access still from my CiscoWorks LMS server or will the LMS server be able to carry out all necessary tasks with telnet disabled.
Solved! Go to Solution.
10-10-2005 03:45 AM
You are correct, Check Device Attributes does not use SSH
Try Netconfig or Network Show and see if these work.
These are the only two applications within RME that do not use SNMP / TFTP.
10-07-2005 06:25 AM
Both LMS 2.2 and 2.5 will use SSH if Telnet fails (and vice versa)
What version are you running?
10-08-2005 04:32 AM
Hi nhabib and thanks for the reply.
We are running LMS 2.2.
We also have an ACS server authenticating and authorizing. I am assuming then that if I enable SSH, when specifying the device attributes the following settings will be OK:
Read Community
Write Community
Telnet
Enable Secret
Enable
TACACS
Local User
Basically then, with telnet disabled on the switches and SSH enabled, when LMS attempts to perform an operation that requires a login session to the switch it will use my TACACS specified username and password to gain SSH access (Is that correct ?).
10-08-2005 05:13 AM
You are correct. You may also go to RME -> Admin -> Config Management -> General Setup and move SSH to the top of the list.
Keep in mind that LMS 2.2 does not support SSH version 2
10-10-2005 01:57 AM
Hi again
I have now enabled SSH on one of my switches (and disabled telnet access) and it seems to be working OK. RME can still download config files from this switch. I am wondering however if disabling telnet will affect any othere neccesary tasks that LMS needs to perform . I have tested the device atributes that I have configured against this switch and now the TACACS, TACACS Enable and Local User attributes all fail the test. I presume this is because the test is being performed using telnet.
10-10-2005 03:45 AM
You are correct, Check Device Attributes does not use SSH
Try Netconfig or Network Show and see if these work.
These are the only two applications within RME that do not use SNMP / TFTP.
10-10-2005 04:48 AM
Thanks again for the info :-)
10-10-2005 06:56 AM
Hi, It´s me again.
I seem to be having a problem with software distribution. I get a an error specifying that RME could not connect using Telnet. I can see no option to use SSH under Administration > Software Management > Preferences (only an option to "Use RCP for image transfer (When applicable) ").
Could it be that the software distribution part of RME needs to have telnet enabled or perhaps I´m missing a config option for SSH.
Thanks in advance (again).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: