02-14-2007 12:31 PM - edited 03-09-2019 05:24 PM
I'm trying to change the SSH port on my Cisco 850 (IOS v12.4(4)T4).
I found the following instructions: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804831de.html#wp1020480
But the more I read on this, the more I think that is just talking about reverse SSH.
I want to change the port the router listens for SSH sessions on. Is this possible? Should I just forward an outside port to the internal IP address on port 22?
02-15-2007 02:05 AM
I have a Cisco 800 Series router running 12.3(7)T7 and have been successful in changing my SSH port using something similar to the information provided in the link that you referenced.
I don't recall where I found the config info, but here it is:
Router(config)# ip ssh port 2229 rotary 62
Router(config)# access-list 129 permit tcp x.x.x.x 0.0.0.x any eq 2229
Router(config)# line vty 0 4
Router(config-line)# access-class 129 in
The first line sets the SSH port to 2229 -- pick any port that doesn't conflict with something important
The rotary group is arbitrary and is NOT tied to a specific VTY line number
The access list prevents any other ports from accessing the router -- fill in the appropriate subnet and wildcard mask
That's all there is to it. I've tried several simultaneous sessions using the same port number without a problem.
The one thing to watch out for is AAA. If you follow the example shown in your link using the statement "login authentication default", you must enable AAA using "aaa new-model" and follow with a command specifying where the password(s) will be checked.
This could be "aaa authentication login default group tacacs+ local" if you're using a TACACS+ server with a fallback to the local database on the router, or something as simple as "aaa authentication login default local" to use the local database on the router.
Hope this helps!!
Please provide feedback so that I know whether or not this worked for you.
Thanks!
vrs
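An added example, not part of the original posts or of Cisco's documentation: a small Python check that a saved configuration contains the pieces the answer above describes (the custom SSH port, an inbound access-class on the vty lines whose ACL permits that port, and AAA enabled when a vty line uses "login authentication"). The sample configuration, the 192.0.2.0/24 subnet and the function name are assumptions made for illustration.

```python
import re

# Constructed sample (not from the thread): the answer's commands with a
# documentation-range subnet, plus a vty login that relies on AAA.
SAMPLE_CONFIG = """\
ip ssh port 2229 rotary 62
access-list 129 permit tcp 192.0.2.0 0.0.0.255 any eq 2229
line vty 0 4
 login authentication default
 access-class 129 in
"""

def audit_ssh_port_config(config):
    """Return findings for the pitfalls named in the answer; [] means none."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    text = "\n".join(lines)
    port_stmt = re.search(r"^ip ssh port (\d+) rotary \d+$", text, re.M)
    if not port_stmt:
        return ["no 'ip ssh port <port> rotary <group>' statement"]
    port, findings = port_stmt.group(1), []

    # Collect the sub-commands configured under every "line vty" block.
    vty_cmds, in_vty = [], False
    for line in lines:
        if not line.startswith(" "):
            in_vty = line.startswith("line vty")
        elif in_vty:
            vty_cmds.append(line.strip())

    # The vty lines need an inbound access-class whose ACL permits the new port.
    acls = [m.group(1) for c in vty_cmds
            if (m := re.match(r"access-class (\d+) in$", c))]
    if not acls:
        findings.append("no inbound access-class on the vty lines")
    for acl in acls:
        if not re.search(rf"^access-list {acl} permit tcp .* eq {port}$", text, re.M):
            findings.append(f"access-list {acl} does not permit tcp port {port}")

    # AAA caveat: "login authentication <list>" needs AAA enabled and that list.
    for cmd in vty_cmds:
        m = re.match(r"login authentication (\S+)$", cmd)
        if not m:
            continue
        if not re.search(r"^aaa new-model$", text, re.M):
            findings.append("'aaa new-model' is missing")
        if not re.search(rf"^aaa authentication login {m.group(1)} \S", text, re.M):
            findings.append(f"no 'aaa authentication login {m.group(1)}' method list")
    return findings
```

Run against the sample, it reports the two AAA findings; adding "aaa new-model" and "aaa authentication login default local" to the configuration clears them.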
02-15-2007 06:31 AM
That did it! Thanks a bunch!
I was trying to issue the 'rotary 1' command from the example in 'line vty 0 4' and it would give this error: "X121 address and queued type can not be configured on the same rotary group" which had me all confused!
But now I get it, thanks again!
02-15-2007 09:02 AM
Glad to be of help.
Thanks for the feedback -- it's good to know when something works.
vrs