How can I enable SSH on Cisco 7200 router with IOS 12.1?

Discussion in 'Cisco' started by David Smith, May 27, 2004.

  1. David Smith

    David Smith Guest

    Hello there,

    Can anybody show me how to enable SSH on Cisco 7200 router with IOS
    12.1? Can I create user_ID with password on this IOS? If yes, please
    show me the command. Thanks.
     
    David Smith, May 27, 2004
    #1

  2. David Smith

    R. Bressers Guest

    Hi,

    If your IOS supports it:

    ip domain-name entersomething.com
    crypto key generate rsa modulus 1024

    line vty 0 15
    transport input ssh
    login

    That should do the job.


    Remco
     
    R. Bressers, May 27, 2004
    #2

  3. David Smith

    David Smith Guest

    Hi Remco,

    Thank you for your info. How can I check if my IOS supports SSH? During
    the ssh login, will I just be prompted for password or USER_ID, plus
    password? Thanks again.

    -D
     
    David Smith, May 27, 2004
    #3
  4. David Smith

    Chris Thomas Guest

    Do a SHOW SSH command. If the router knows about the command, then it
    supports SSH. If not, then you have to download an SSH version of
    IOS. Generally they have K9 or K5 somewhere in the file name. Yes,
    the ssh login looks just like the telnet login.

    /Chris, UCLA
     
    Chris Thomas, May 27, 2004
    #4
  5. David Smith

    mh Guest

    mh, May 27, 2004
    #5
  6. David Smith

    David Smith Guest

    Thank you for the reply.

    I have successfully generated the key already.

    Sh IP ssh

    output --

    SSH Enabled - version 1.5
    Authentication timeout: 120 secs; Authentication retries: 3

    How can I configure the PuTTY client to connect to the Cisco router
    (ssh 1 or ssh2)? Do I need a key? Why does it always ask me for a
    username? Where can I see if it's DES or 3DES?

    Thanks again
     
    David Smith, May 28, 2004
    #6
  7. David Smith

    Chris Thomas Guest

    That means the router is running the ssh version of the image, and
    that a key has been generated. I believe Cisco v 1.5 only supports
    ssh version 1.
    Ssh has different authentication modes, and only a subset are
    supported by the Cisco. The usual mode is to logon specifying a
    userid and password. Use "root" if you haven't set up userids. They
    are encrypted by putty before transmission so there is no security
    exposure (telnet is not - pw is sent in the clear). It may be
    possible to store keys on the router and on putty such that no userid
    needs to be exchanged. I'm not sure whether Cisco supports this ssh
    mode. Either sh ssh or sh ip ssh will show which encryption mode is
    being used by a given active session. I'm pretty sure everyone
    supports 3 DES.

    Once you get ssh working, you probably want to disable telnet. Use
    TRANSPORT INPUT SSH on the LINE VTY 0 ... lines.

    /Chris, UCLA
     
    Chris Thomas, May 28, 2004
    #7
  8. David Smith

    David Smith Guest

    Chris,

    I keep getting access denied.

    No matter which userid I used (including root).

    line vty 0 1
    password 7 094B5E5F4B50
    login
    transport input telnet
    transport output telnet
    line vty 2 3
    password 7 110E09534547
    login
    transport input all
    line vty 4
    password 7 094B5E5F4B50
    login
    transport input none

    any idea?
     
    David Smith, May 28, 2004
    #8
  9. Looks like you are almost there. I didn't see any aaa configured, so
    check to see that you have aaa and local credentials. RADIUS or
    TACACS+ offer much more utility, but local credentials can be
    configured in seconds for a quick test.

    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local

    username hoohaa privilege 15 password 7 0708311A1C5C

    --Jerome
     
    jerome benton, May 28, 2004
    #9
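
The vty settings from post #8 can be checked mechanically for the two problems the thread turns on: lines that still accept telnet or accept nothing, and password-only `login` with no username source for SSH. This is an added example, not part of any post in the thread; the function name, the finding strings, and the one-space indentation of sub-commands (as in a real running-config) are assumptions, and only `aaa new-model` or `login local` is treated as a username source.

```python
# Constructed sample: the vty section from post #8, indented as IOS prints it.
SAMPLE_CONFIG = """\
line vty 0 1
 password 7 094B5E5F4B50
 login
 transport input telnet
 transport output telnet
line vty 2 3
 password 7 110E09534547
 login
 transport input all
line vty 4
 password 7 094B5E5F4B50
 login
 transport input none
"""

def audit_vty(config):
    """Return {vty range: [findings]} for every 'line vty' block."""
    lines = config.splitlines()
    # Usernames come from AAA or 'login local'; plain 'login' is password-only.
    has_aaa = any(l.strip() == "aaa new-model" for l in lines)
    blocks, current = {}, None
    for line in lines:
        words = line.split()
        if not line[:1].isspace():  # a top-level command closes the open block
            current = " ".join(words[2:]) if words[:2] == ["line", "vty"] else None
            if current:
                blocks[current] = {"proto": None, "local": False}
        elif current and words[:2] == ["transport", "input"]:
            blocks[current]["proto"] = set(words[2:])
        elif current and words == ["login", "local"]:
            blocks[current]["local"] = True
    report = {}
    for vty, b in blocks.items():
        found = []
        if b["proto"] is None:
            found.append("transport input not set explicitly")
        elif b["proto"] & {"telnet", "all"}:
            found.append("telnet permitted")
        elif b["proto"] == {"none"}:
            found.append("no inbound protocol, ssh blocked")
        if not (has_aaa or b["local"]):
            found.append("password-only login, no username for ssh")
        report[vty] = found
    return report

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

A block with `login local` (or AAA) and `transport input ssh` produces an empty findings list.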
  10. David Smith

    David Smith Guest

    Thank you. I'll try it later.

     
    David Smith, May 29, 2004
    #10
  11. David Smith

    David Smith Guest

    It works great. Thank you very much.

    -D

     
    David Smith, May 30, 2004
    #11