Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ssh configuration on perimeter router.

How do I configure my internet router (perimeter router) to accept ssh from my inside network. The router has an IOS capable of ssh v1 & 2.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: ssh configuration on perimeter router.

Bernadette

I am glad that you got it resolved. Thank you for posting back to the forum to indicate that it was resolved and how you resolved it. It makes the forum more useful when people can read about a problem and can read what did resolve the problem. The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick

12 REPLIES

Re: ssh configuration on perimeter router.

This is a fairly simple process.

Check out this well guided document

http://www.cisco.com/warp/public/707/ssh.shtml#sshvvs

Blue

Re: ssh configuration on perimeter router.

To enable SSH, besides the command below, the device hostname and ip domain name must be configured.

Router(config)# ip ssh

(enable SSH)

Router(config)# crypto key generate rsa

(generate SSH key pair to support remote SSH access)

New Member

Re: ssh configuration on perimeter router.

I'm on our inside network and want to ssh to our perimeter router the message is displaying is 'Network error: connection refused'

Hall of Fame Super Silver

Re: ssh configuration on perimeter router.

Bernadette

I am not sure that we have enough information yet to determine what the problem is. There are several issues that might cause this:

- are the VTY lines of the perimeter router configured to accept SSH?

- is there potentially a version difference? Is your SSH client sending version 2 but the router is expecting version 1, or are you sending version 1 and the router is expecting version 2?

- is there an access class configured on the VTY lines that is not accepting connection requests from your address?

Lets start with some information about the router config - especially the configuration of SSH and of the VTY lines.

HTH

Rick

New Member

Re: ssh configuration on perimeter router.

Hi Rick

pls note, vty line is configured for SSH, router is running ver 2 ssh, and client is running ver 2 and no access class on the vty lines.

Also note when I do show ssh, it's displaying

%No SSHv2 server connections running.

%No SSHv1 server connections running.

why?

Hall of Fame Super Silver

Re: ssh configuration on perimeter router.

Bernadette

It is displaying no server connections running because there are no active SSH connections to the router (router as server when it accepts SSH connections).

If the error message is connection refused rather then could not connect then probably we can rule out IP connectivity as the cause of the problem. So there is probably something in the router configuration. It might be an interface access list, it might be some kind of RPF check issue, it might be something else. It would be helpful if you would provide router configuration.

HTH

Rick

New Member

Re: ssh configuration on perimeter router.

Hi Rick

I've attached here the configs for the perimeter router.

Hall of Fame Super Silver

Re: ssh configuration on perimeter router.

Bernadette

Thank you for posting the config. I have looked at it and I wonder if I have found a clue. I see that the description on Fastethernet0/0 indicates that it connects to a firewall. Would I be correct in assuming that this is the interface through which you are attempting SSH? If so I wonder if the firewall is allowing the SSH traffic to go through. Could you run debug for ssh, attempt the connection, and post the output which should indicate whether the request is received?

HTH

Rick

New Member

Re: ssh configuration on perimeter router.

Hi Rick

What you assumed is very true.I ran a debug for ssh on the Firewall but no output is shown when I attempted ssh to the perimeter router. I'm totally stuck and can't figure out.

Hall of Fame Super Silver

Re: ssh configuration on perimeter router.

Bernadette

I am glad that my theory of the problem turned out to be correct. Apparently there is some access rule on the firewall that is not permitting the SSH to go through to the perimeter router. Are you the administrator for the firewall or is there someone else who does that?

HTH

Rick

New Member

Re: ssh configuration on perimeter router.

Rick

thanks for you help, I'am the administrator of our firewall. I figured the problem was a wrong ip address on the putty client software. When I corrected it I was able to get through.

Hall of Fame Super Silver

Re: ssh configuration on perimeter router.

Bernadette

I am glad that you got it resolved. Thank you for posting back to the forum to indicate that it was resolved and how you resolved it. It makes the forum more useful when people can read about a problem and can read what did resolve the problem. The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick

279
Views
5
Helpful
12
Replies