Did anybody figure out how to implement ssh for IDSM? I created a direct-access and I generated a key. After that I am a little lost. I was able to telnet to port 22 but can't make a connection. I think I am missing something.
I hadn't received the Active Update Bulletin yet so I thought it was still a day or two before release. They posted it earlier than I expected.
To enable the ssh server on the IDSM try going into "configure terminal" mode and executing "direct-access".
Ensure that your client address/network is listed in the access-list and answer yes to the question:
Enabled direct SSH access to IDSM? [yes]:
If you are not able to access the IDSM through SSH after this point then "reboot" the IDSM and try again.
If you are still not able to SSH then also enable Telnet and attempt to telnet to the IDSM.
If telnet doesn't work either then ensure that the IPs in the access-list are correct. If going through NAT you may need to enter the translated address.
If telnet works, but ssh still doesn't work then at least we know that the IP address entries are correct. Can you try another ssh client? There may be an ssh client/server incompatibility that we may not be aware of.
If you still can't get it to work then contact the TAC and supply them with the htmlf file output of the "report systemstatus" command as well as the OS type, SSH client version and IP address that you are trying to ssh from.
It is very important to note that the ssh server in IDS 3.0(5)S23 supports only SSH protocol version 1.5. Many ssh clients will negotiate down to this version from SSH protocol version 2, but some will not. OpenSSH-3.4p1 for example will negotiate down only if the "Protocol 2,1" option is set (this is the default). If your default is something else, you can override it a number of ways. The most reliable is to add
-o "Protocol 1"
to the ssh command line. For example:
ssh -l ciscoids -o "Protocol 1" 10.10.10.10
A convenient way to specify this on a per-user and/or per-host basis is to add this option to the Hosts section of the ssh_config file.
SSH.com's ssh client (ssh-3.x.x) will also accept options on the command line using the "-o" parameter. Windows clients (such as PuTTY and SecureCRT) have a GUI for configuring session options.
The secure shell implementations for the Unix-like operating systems use "ssh" as the name of the executable for the client. To learn what implementation you are using, enter the command:
A helpful hint is to operate your ssh client in "verbose" mode. For example, with OpenSSH and SSH.com clients use:
ssh -v -l ciscoids 10.10.10.10
Often this will help you understand why your client is not connecting. An adjustment to the client configuration is normally all that is required to successfully connect.
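An added example, not part of the original posts: the SSH server sends its identification string as soon as the TCP connection opens, so a telnet to port 22 shows it, and this sketch reads that banner and reports which protocol an OpenSSH-style "Protocol" setting would negotiate. The function names and the banner software names are assumptions constructed for illustration.

```python
import re

# SSH identification string: "SSH-<protoversion>-<softwareversion>", sent by the
# server as soon as the TCP connection opens (this is what telnet to port 22 shows).
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-")


def server_protocols(banner):
    """Return the set of protocol majors (1 and/or 2) the banner advertises."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):  # 1.99: protocol 2 server that also accepts 1.x
        return {1, 2}
    if major in (1, 2):
        return {major}
    raise ValueError("unknown SSH protocol version %d.%d" % (major, minor))


def client_protocols(option):
    """Parse an OpenSSH-style Protocol value ("2,1", "1", "2") in preference order."""
    protos = [int(p) for p in option.replace(" ", "").split(",") if p]
    if not protos or any(p not in (1, 2) for p in protos):
        raise ValueError("bad Protocol value: %r" % option)
    return protos


def negotiate(banner, option):
    """Return the protocol major the client would use, or None on a mismatch."""
    offered = server_protocols(banner)
    for proto in client_protocols(option):
        if proto in offered:
            return proto
    return None


if __name__ == "__main__":
    # Constructed sample banners; the software-version part is made up.
    for banner in ("SSH-1.5-example_sshd", "SSH-1.99-example_sshd", "SSH-2.0-example_sshd"):
        for option in ("2,1", "2", "1"):
            result = negotiate(banner, option)
            outcome = "uses protocol %d" % result if result else "MISMATCH: no common protocol"
            print("%-22s Protocol %-4s -> %s" % (banner, option, outcome))
```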