I am able to connect to this router via a crypto isakmp tunnel using telnet. However, I am unable to set up SSH on this thing. Can someone please assist me with what I may be missing? I am at a dead end now. I have posted router info and similar input below.
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(3), RELEASE SOFT
ip domain name CISCO$.COM
ip ssh time-out 60
ip ssh port 2222 rotary 1
ip ssh source-interface FastEthernet0/0
ip ssh version 2
ip access-list extended CISCO
permit tcp x.x.x.x x.x.x.x any eq 2222
deny ip any any log
access-list 101 permit tcp x.x.x.x x.x.x.x any eq telnet
access-list 101 deny tcp any any eq telnet log
line vty 0 4
access-class 101 in
exec-timeout 3 0
transport input all
transport output all
line vty 5 15
access-class CISCO in
transport input telnet ssh
transport output telnet ssh
Were you able to generate a key? If not, create a domain name, which is needed to generate the key:
Router(config)# ip domain-name Test.lcl
Router(config)#crypto key generate rsa
Lastly, you will also need AAA enabled. To enable it locally, do the following:
Router (config)# aaa new-model
Router (config)# username
Router (config)# ip ssh time-out
Router (config)# ip ssh authentication-retries
This is what I have as my aaa config:
aaa group server tacacs+ ecuacs
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
Well, I removed my ACL and I was able to get in. But only on port 22. I applied the "ip ssh port 2004 rotary 1 1" command, which I thought would make me have to use port 2004.
So I guess my question now is: what does the port command do?
I played with my ACL and see that I can only connect using port 22.
Try doing this:
Router(config)# line vty 0 15
Router(config-line)# rotary 1
Router(config)#ip ssh port 2222 rotary 1
If you go to the vty lines first it may work, bypassing the default tty, but I'm not 100 percent sure.
Also, if this router is facing the internet, I would force the SSH encryption on vty 0 4 as well.
I just mean that by default the rotary command works for tty lines. If you can use the command when you are in the vty line interface, it may allow you to change the vty port. If you get a chance, try the commands in the previous post.
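The two replies above make one point between them: "ip ssh port 2222 rotary 1" only opens port 2222 once some vty line is itself bound to "rotary 1", and the ACL on those lines has to permit whichever port SSH actually listens on (22 stays open regardless). The following script is an added example, not code from this thread or from Cisco; it is a small offline checker that parses a pasted IOS-style configuration and reports the mismatches that cause the symptom described in the thread. It assumes sub-commands are indented by one space as "show run" prints them, uses a documentation-range source address in place of the original x.x.x.x, and its parser is a heuristic that understands only the handful of commands shown here.

```python
import re

# Constructed sample modelled on the thread's paste (x.x.x.x replaced by a
# documentation-range address). It reproduces the symptom: SSH mapped to 2222
# via rotary 1, no vty line bound to rotary 1, an ACL on vty 5-15 permitting only 2222.
BROKEN_CONFIG = """\
ip domain name CISCO$.COM
ip ssh port 2222 rotary 1
ip ssh version 2
ip access-list extended CISCO
 permit tcp 192.0.2.0 0.0.0.255 any eq 2222
 deny ip any any log
line vty 0 4
 transport input all
line vty 5 15
 access-class CISCO in
 transport input telnet ssh
"""
# Same router with the fixes the replies suggest (constructed, not from the thread).
FIXED_CONFIG = """\
ip domain name Test.lcl
ip ssh port 2222 rotary 1
ip ssh version 2
ip access-list extended CISCO
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 permit tcp 192.0.2.0 0.0.0.255 any eq 2222
 deny ip any any log
line vty 0 15
 access-class CISCO in
 rotary 1
 transport input ssh
"""

def parse_config(text):
    """Split an IOS-style config into global lines, named ACL bodies and vty blocks."""
    cfg = {"global": [], "acls": {}, "vty": []}
    sub = None  # list receiving indented sub-commands of the block opened last
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.startswith("!"):
            continue
        stripped = line.strip()
        if line[0] in " \t":
            if sub is not None:
                sub.append(stripped)
            continue
        sub = None
        if m := re.match(r"ip access-list extended (\S+)", stripped):
            sub = cfg["acls"][m.group(1)] = []
        elif m := re.match(r"line vty (\d+)(?: (\d+))?", stripped):
            block = {"range": (int(m.group(1)), int(m.group(2) or m.group(1))), "lines": []}
            cfg["vty"].append(block)
            sub = block["lines"]
        else:
            cfg["global"].append(stripped)
    return cfg

def acl_permitted_tcp_ports(entries):
    """Destination TCP ports an ACL permits through 'eq <port>' (number or keyword)."""
    ports = set()
    for e in entries:
        if m := re.match(r"permit tcp .* eq (\S+)$", e):
            tok = m.group(1)
            ports.add(int(tok) if tok.isdigit() else {"ssh": 22, "telnet": 23}.get(tok, -1))
    return ports

def audit_ssh(text):
    """Return findings as strings; an empty list means the SSH setup is coherent."""
    cfg = parse_config(text)
    g, findings = cfg["global"], []
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in g):
        findings.append("no ip domain-name: 'crypto key generate rsa' cannot run")
    if "ip ssh version 2" not in g:
        findings.append("ip ssh version 2 not set: SSHv1 may be negotiated")
    # Port 22 always listens; an extra port opens only if a vty line carries the same rotary.
    ssh_ports = {22}
    for l in g:
        if m := re.match(r"ip ssh port (\d+) rotary (\d+)", l):
            port, rot = int(m.group(1)), m.group(2)
            if any(f"rotary {rot}" in b["lines"] for b in cfg["vty"]):
                ssh_ports.add(port)
            else:
                findings.append(f"ip ssh port {port} rotary {rot}: no vty line has "
                                f"'rotary {rot}', so nothing listens on {port}")
    for b in cfg["vty"]:
        name = "vty %d %d" % b["range"]
        transport = next((l for l in b["lines"] if l.startswith("transport input")), "")
        if transport.endswith(" all") or "telnet" in transport:
            findings.append(f"{name}: '{transport}' allows telnet; use 'transport input ssh'")
        for l in b["lines"]:
            m = re.match(r"access-class (\S+) in", l)
            if m and m.group(1) in cfg["acls"]:
                allowed = acl_permitted_tcp_ports(cfg["acls"][m.group(1)])
                if not allowed & ssh_ports:
                    findings.append(f"{name}: ACL {m.group(1)} permits tcp ports "
                                    f"{sorted(allowed)} but SSH listens on "
                                    f"{sorted(ssh_ports)}: SSH is locked out")
    return findings

if __name__ == "__main__":
    print(audit_ssh(BROKEN_CONFIG), audit_ssh(FIXED_CONFIG))
```

Run against the broken sample it reports the unbound rotary, the telnet-capable transports on both vty ranges and the lockout on vty 5 15 (its ACL permits only 2222 while nothing listens there); the fixed sample, with "rotary 1" under the vty lines, "transport input ssh" and the ACL permitting both 22 and 2222, produces no findings. Pasting your own "show run" output in place of BROKEN_CONFIG is a quick way to confirm the rotary and ACL agree before you lock yourself out of a remote router.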