New Member

1841 => Unable to connect via SSH

I am able to connect to this router via a crypto isakmp tunnel using telnet. However, I am unable to set up SSH on this thing. Can someone please assist me with what I may be missing? I am at a dead end now. I have posted router info and similar input below.

Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(3), RELEASE SOFTWARE (fc2)

======================================

ip domain name CISCO$.COM

ip ssh time-out 60

ip ssh port 2222 rotary 1

ip ssh source-interface FastEthernet0/0

ip ssh version 2

======================================

ip access-list extended CISCO

permit tcp x.x.x.x x.x.x.x any eq 2222

deny ip any any log

access-list 101 permit tcp x.x.x.x x.x.x.x any eq telnet

access-list 101 deny tcp any any eq telnet log

==========================================

line vty 0 4

access-class 101 in

exec-timeout 3 0

password xxxxxxxxxx

transport input all

transport output all

line vty 5 15

access-class CISCO in

password xxxxxxxx

transport input telnet ssh

transport output telnet ssh

=====================================

9 REPLIES
Bronze

Re: 1841 => Unable to connect via SSH

Were you able to generate a key? If not, create a domain name, which is needed to help generate the key.

Router(config)# ip domain-name Test.lcl

Router(config)#crypto key generate rsa

Lastly you will also need AAA enabled...to enable locally do the following:

Router(config)# aaa new-model

Router(config)# username <username> password <password>

Router(config)# ip ssh time-out <seconds>

Router(config)# ip ssh authentication-retries <retries>

New Member

Re: 1841 => Unable to connect via SSH

This is what I have as my aaa config:

aaa new-model

!

!

aaa group server tacacs+ ecuacs

server x.x.x.x

!

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

Bronze

Re: 1841 => Unable to connect via SSH

that looks good...

what happens when you do a sh ip ssh?

Would there be any firewall or ACLs blocking port 22?

New Member

Re: 1841 => Unable to connect via SSH

Well, I removed my ACL and I was able to get in. But only on port 22. I applied the "ip ssh port 2004 rotary 1 1" command, which I thought would make me have to use port 2004.

So I guess my question now is what does the port command do.

I played with my ACL and see that I can only connect using port 22.

Bronze

Re: 1841 => Unable to connect via SSH

The ip ssh port rotary command is only used for terminal line access and not vty line access. Is everything else working ok now?

New Member

Re: 1841 => Unable to connect via SSH

Everything is working great. Thank you so much.

P.S.

Is there a way to use a different port for SSH?

Bronze

Re: 1841 => Unable to connect via SSH

try doing this...

Router(config)# line vty 0 15

Router(config-line)# rotary 1

Router(config)#ip ssh port 2222 rotary 1

If you go to the vty lines first it may work, bypassing the default tty, but I'm not 100 percent sure.

Also, if this router is facing the internet, I would also force the ssh encryption of vty 0 4 as well.

New Member

Re: 1841 => Unable to connect via SSH

What do you mean when you say force the ssh encryption?

Bronze

Re: 1841 => Unable to connect via SSH

I just mean by default the rotary command works for tty lines. If you can use the command when you are in the vty line interface it may allow you to change the vty port. If you get a chance, try the commands in the previous post.
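
Added example, not part of any post in this thread: a short Python check over the question's configuration (reproduced below as constructed sample text) that reports an `ip ssh port ... rotary N` with no matching `rotary N` under any line, which is the binding the last suggestion adds, and lines that still accept Telnet. The function names are hypothetical, and the parser assumes un-indented configuration as pasted on this page.

```python
import re

# Constructed sample: the relevant lines of the configuration in the question.
POSTED_CONFIG = """\
ip ssh port 2222 rotary 1
ip ssh version 2
line vty 0 4
access-class 101 in
transport input all
line vty 5 15
access-class CISCO in
transport input telnet ssh
"""

def parse(config):
    """Return ({rotary group: ssh port}, [per-line settings])."""
    ssh_ports, lines, current = {}, [], None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.fullmatch(r"ip ssh port (\d+) rotary (\d+)(?: \d+)?", text)
        if m:
            ssh_ports[int(m.group(2))] = int(m.group(1))
        elif text.startswith("line "):
            # Later sub-commands belong to this line block.
            current = {"name": text, "rotary": None, "transport": set()}
            lines.append(current)
        elif current and (m := re.fullmatch(r"rotary (\d+)", text)):
            current["rotary"] = int(m.group(1))
        elif current and text.startswith("transport input "):
            current["transport"] = set(text.split()[2:])
    return ssh_ports, lines

def audit(config):
    """Findings for this thread: unbound SSH ports and Telnet left enabled."""
    ssh_ports, lines = parse(config)
    findings = []
    bound = {ln["rotary"] for ln in lines if ln["rotary"] is not None}
    for group, port in sorted(ssh_ports.items()):
        if group not in bound:
            findings.append(f"ssh port {port}: rotary {group} is on no line")
    for ln in lines:
        if ln["transport"] & {"all", "telnet"}:
            findings.append(f"{ln['name']}: telnet accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED_CONFIG):
        print(finding)
```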
