How can I enable SSH on Cisco 7200 router with IOS 12.1?

Discussion in 'Cisco' started by David Smith, May 27, 2004.

  1. David Smith

    David Smith Guest

    Hello there,

    Can anybody show me how to enable SSH on Cisco 7200 router with IOS
    12.1? Can I create user_ID with password on this IOS? If yes, please
    show me the command. Thanks.
    David Smith, May 27, 2004
    #1

  2. David Smith

    R. Bressers Guest

    Hi,

    If your IOS supports it:

    ip domain-name entersomething.com
    crypto key generate rsa modulus 1024

    line vty 0 15
    transport input ssh
    login

    That should do the job.


    Remco


    David Smith wrote:

    > Hello there,
    >
    > Can anybody show me how to enable SSH on Cisco 7200 router with IOS
    > 12.1? Can I create user_ID with password on this IOS? If yes, please
    > show me the command. Thanks.
    R. Bressers, May 27, 2004
    #2

  3. David Smith

    David Smith Guest

    Hi Remco,

    Thank you for your info. How can I check if my IOS supports SSH? During
    the ssh login, will I just be prompted for password or USER_ID, plus
    password? Thanks again.

    -D

    On Thu, 27 May 2004 13:20:34 +0200, "R. Bressers"
    <> wrote:

    >Hi,
    >
    >If your IOS supports it:
    >
    >ip domain-name entersomething.com
    >crypto key generate rsa modulus 1024
    >
    >line vty 0 15
    > transport input ssh
    > login
    >
    >That should do the job.
    >
    >
    >Remco
    David Smith, May 27, 2004
    #3
  4. David Smith

    Chris Thomas Guest

    In article <>,
    says...
    >
    > Hi Remco,
    >
    > Thank you for your info. How can I check if my IOS supports SSH? During
    > the ssh login, will I just be prompted for password or USER_ID, plus
    > password? Thanks again.


    Do a SHOW SSH command. If the router knows about the command, then it
    supports SSH. If not, then you have to download an SSH version of
    IOS. Generally they have K9 or K5 somewhere in the file name. Yes,
    the ssh login looks just like the telnet login

    /Chris, UCLA
    Chris Thomas, May 27, 2004
    #4
  5. David Smith

    mh Guest

    mh, May 27, 2004
    #5
  6. David Smith

    David Smith Guest

    Thank you for the reply.

    I have successfully generated the key already.

    Sh IP ssh

    output --

    SSH Enabled - version 1.5
    Authentication timeout: 120 secs; Authentication retries: 3

    How can I configure the PuTTY client to connect to the Cisco router (SSH 1 or SSH 2)?
    Do I need a key? Why does it always ask me for a username? Where can I see if
    it's DES or 3DES?

    Thanks again


    On Thu, 27 May 2004 08:16:43 -0700, Chris Thomas
    <> wrote:

    >In article <>,
    > says...
    >>
    >> Hi Remco,
    >>
    >> Thank you for your info. How can I check if my IOS supports SSH? During
    >> the ssh login, will I just be prompted for password or USER_ID, plus
    >> password? Thanks again.

    >
    >Do a SHOW SSH command. If the router knows about the command, then it
    >supports SSH. If not, then you have to download an SSH version of
    >IOS. Generally they have K9 or K5 somewhere in the file name. Yes,
    >the ssh login looks just like the telnet login
    >
    >/Chris, UCLA
    David Smith, May 28, 2004
    #6
  7. David Smith

    Chris Thomas Guest

    In article <>,
    says...
    > Thank you for the reply.
    >
    > I have successfully generated the key already.
    >
    > Sh IP ssh
    >
    > output --
    >
    > SSH Enabled - version 1.5
    > Authentication timeout: 120 secs; Authentication retries: 3


    That means the router is running the ssh version of the image, and
    that a key has been generated. I believe Cisco v 1.5 only supports
    ssh version 1

    > How can I configure the PuTTY client to connect to the Cisco router (SSH 1 or SSH 2)?
    > Do I need a key? Why does it always ask me for a username? Where can I see if
    > it's DES or 3DES?


    Ssh has different authentication modes, and only a subset are
    supported by the Cisco. The usual mode is to logon specifying a
    userid and password. Use "root" if you haven't set up userids. They
    are encrypted by putty before transmission so there is no security
    exposure (telnet is not - pw is sent in the clear). It may be
    possible to store keys on the router and on putty such that no userid
    needs to be exchanged. I'm not sure whether Cisco supports this ssh
    mode. Either sh ssh or sh ip ssh will show which encryption mode is
    being used by a given active session. I'm pretty sure everyone
    supports 3 DES.

    Once you get ssh working, you probably want to disable telnet. use
    TRANSPORT INPUT SSH on the LINE VTY 0 ... lines.

    /Chris, UCLA
    Chris Thomas, May 28, 2004
    #7
  8. David Smith

    David Smith Guest

    Chris,

    I keep getting access denied.

    No matter which userid I used (including root).

    line vty 0 1
    password 7 094B5E5F4B50
    login
    transport input telnet
    transport output telnet
    line vty 2 3
    password 7 110E09534547
    login
    transport input all
    line vty 4
    password 7 094B5E5F4B50
    login
    transport input none

    any idea?

    On Thu, 27 May 2004 19:10:07 -0700, Chris Thomas
    <> wrote:

    >In article <>,
    > says...
    >> Thank you for the reply.
    >>
    >> I have successfully generated the key already.
    >>
    >> Sh IP ssh
    >>
    >> output --
    >>
    >> SSH Enabled - version 1.5
    >> Authentication timeout: 120 secs; Authentication retries: 3

    >
    >That means the router is running the ssh version of the image, and
    >that a key has been generated. I believe Cisco v 1.5 only supports
    >ssh version 1
    >
    >> How can I configure the PuTTY client to connect to the Cisco router (SSH 1 or SSH 2)?
    >> Do I need a key? Why does it always ask me for a username? Where can I see if
    >> it's DES or 3DES?

    >
    >Ssh has different authentication modes, and only a subset are
    >supported by the Cisco. The usual mode is to logon specifying a
    >userid and password. Use "root" if you haven't set up userids. They
    >are encrypted by putty before transmission so there is no security
    >exposure (telnet is not - pw is sent in the clear). It may be
    >possible to store keys on the router and on putty such that no userid
    >needs to be exchanged. I'm not sure whether Cisco supports this ssh
    >mode. Either sh ssh or sh ip ssh will show which encryption mode is
    >being used by a given active session. I'm pretty sure everyone
    >supports 3 DES.
    >
    >Once you get ssh working, you probably want to disable telnet. use
    >TRANSPORT INPUT SSH on the LINE VTY 0 ... lines.
    >
    >/Chris, UCLA
    David Smith, May 28, 2004
    #8
  9. Looks like you are almost there. I didn't see any aaa configured, so
    check to see that you have aaa and local credentials. RADIUS or
    TACACS+ offer much more utility, but local credentials can be
    configured in seconds for a quick test.

    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local

    username hoohaa privilege 15 password 7 0708311A1C5C

    --Jerome

    David Smith <> wrote in message news:<>...
    > Chris,
    >
    > I keep getting access denied.
    >
    > No matter which userid I used (including root).
    >
    > line vty 0 1
    > password 7 094B5E5F4B50
    > login
    > transport input telnet
    > transport output telnet
    > line vty 2 3
    > password 7 110E09534547
    > login
    > transport input all
    > line vty 4
    > password 7 094B5E5F4B50
    > login
    > transport input none
    >
    > any idea?
    jerome benton, May 28, 2004
    #9
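
Added example, not part of any post in this thread: a small Python check that reads the vty section quoted above, with and without the AAA lines from reply #9, and reports which vty lines accept SSH and whether a username source exists for the login. The function name `audit`, the finding labels and the `PLACEHOLDER` strings are made up for illustration, and it assumes an IOS SSH login needs a username from the local database.

```python
import re

# Constructed input: the vty section and AAA lines from the thread, secrets replaced by PLACEHOLDER.
VTY = """\
line vty 0 1
 password 7 PLACEHOLDER
 login
 transport input telnet
line vty 2 3
 password 7 PLACEHOLDER
 login
 transport input all
line vty 4
 password 7 PLACEHOLDER
 login
 transport input none
"""
AAA = """\
aaa new-model
aaa authentication login default local
username hoohaa privilege 15 password 7 PLACEHOLDER
"""

def audit(config):
    """Return sorted (vty section, finding) pairs for an IOS config snippet."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    has_user = any(l.startswith("username ") for l in lines)
    aaa_local = "aaa new-model" in lines and any(
        re.fullmatch(r"aaa authentication login default .*\blocal\b.*", l) for l in lines)
    sections, current = {}, None
    for l in lines:
        if l.startswith("line "):  # a new line section starts; track only vty ones
            current = sections.setdefault(l, []) if l.startswith("line vty") else None
        elif current is not None:
            current.append(l)
    findings = set()
    for name, body in sections.items():
        inputs = [w for l in body if l.startswith("transport input") for w in l.split()[2:]]
        ssh_ok = "ssh" in inputs or "all" in inputs
        if "telnet" in inputs or "all" in inputs:
            findings.add((name, "telnet-allowed"))
        if not ssh_ok:
            findings.add((name, "ssh-not-accepted"))
        # Assumption: an SSH login needs a username from the local database (AAA or login local).
        if ssh_ok and not (has_user and (aaa_local or "login local" in body)):
            findings.add((name, "ssh-login-has-no-username-source"))
        if any(l.startswith("password 7 ") for l in body):
            findings.add((name, "type-7-line-password"))
    return sorted(findings)
```

With the AAA lines prepended, the username finding on `line vty 2 3` disappears, while the telnet findings remain until `transport input ssh` is set on the vty lines as suggested in reply #7.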
  10. David Smith

    David Smith Guest

    Thank you. I'll try it later.

    On 28 May 2004 09:15:03 -0700, (jerome benton) wrote:

    >Looks like you are almost there. I didn't see any aaa configured, so
    >check to see that you have aaa and local credentials. RADIUS or
    >TACACS+ offer much more utility, but local credentials can be
    >configured in seconds for a quick test.
    >
    >aaa new-model
    >aaa authentication login default local
    >aaa authorization exec default local
    >
    >username hoohaa privilege 15 password 7 0708311A1C5C
    >
    >--Jerome
    David Smith, May 29, 2004
    #10
  11. David Smith

    David Smith Guest

    It works great. Thank you very much.

    -D

    On 28 May 2004 09:15:03 -0700, (jerome benton) wrote:

    >Looks like you are almost there. I didn't see any aaa configured, so
    >check to see that you have aaa and local credentials. RADIUS or
    >TACACS+ offer much more utility, but local credentials can be
    >configured in seconds for a quick test.
    >
    >aaa new-model
    >aaa authentication login default local
    >aaa authorization exec default local
    >
    >username hoohaa privilege 15 password 7 0708311A1C5C
    >
    >--Jerome
    David Smith, May 30, 2004
    #11