This is true, but all documentation on the Cisco website relates to version
1. Is version 2 supported?


D'Wayne Saunders
Senior MIS Operator, CCNA


-----Original Message-----
From: Tim O'Brien [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 1 May 2001 0:27
To: Dwayne Saunders
Subject: Re: SSH version2 for 7120 [7:2570]


Using SSH for Terminal Servers
SSH is only applied to the VTYs of a router. It cannot be applied to the
other LINEs. "Terminal Server" style access will have to form an SSH session
to the router and then form a session to a line to access a device at the
end of it. This can be simplified to some extent. If I have a 3620 with an
A32, then I can have the following configuration.




  !
  aaa new-model
  aaa authentication login ruth none
  aaa authentication login sarah tacacs+ local
  enable secret 5 *elided*
  ...
  interface Loopback0
   ip address 12.0.0.1 255.255.255.0
   no ip directed-broadcast
  !
  interface ethernet 0/0
   ip address 10.1.1.99 255.255.255.0
   no ip directed-broadcast
  ...
  !
  access-list 4 permit 12.0.0.1
  !
  line con 0
   transport input none
  line 33 41
   access-class 4 in
   no exec
   login authentication ruth
   transport input telnet
  !
  ! having the aaa authentication list of "ruth" applied will allow
  ! direct access to the lines without prompting for a username/password
  !
  ! having the transport input limited to telnet will prevent other
  ! session attempts to the line
  ...
  line vty 0 4
   exec-timeout 0 0
   password cisco
   login authentication sarah
   transport input ssh telnet
  !
  end




Then I can start a session from my Unix device directly to a line as
follows:



  unix% ssh -x -t -c 3des -l chris 10.1.1.99 "telnet 12.0.0.1 2033"
  [EMAIL PROTECTED]'s password: *elided*
  Trying 12.0.0.1, 2033 ... Open

  DevicePrompt>



The only thing that I entered was the ssh command and then my password. The
rest was automated through until I got the prompt from the device at the end
of the line. This is more difficult to do from a Windows client as most of
those don't allow the inclusion of the "command". In that case, it would be
best if you just formed the SSH session to the router and then performed the
command:



  router> telnet 12.0.0.1 2033


If the line doesn't support hardware shutdown (DTR toggle) then you may have
to resort to "~." from your ssh session to terminate the session. Once that
is broken, then the "telnet" session will be cleanly disconnected and the
line will be freed.



--------------------------------------------------------------------------------

Excluding the Use of Telnet
The types of access to the router can be controlled through the use of the
transport input command. Access can be limited to only incoming SSH
sessions by applying only the ssh keyword as follows:



  line vty 0 4
   exec-timeout 0 0
   password cisco
   login authentication sarah
   transport input ssh

----- Original Message -----
From: "Dwayne Saunders" 
To: 
Sent: Monday, April 30, 2001 10:56 AM
Subject: SSH version2 for 7120 [7:2570]


Can anyone point me to the links to be able to configure SSH ver2 on a 7120
router, and what IOS do I need?

D'Wayne Saunders
Senior MIS Operator, CCNA
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2580&t=2570
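
An added example, not part of the original messages or of Cisco's documentation: a small Python audit that reads an IOS-style configuration and reports the line settings discussed in the thread (telnet still accepted on the VTYs, a login list whose method is `none`, and `exec-timeout 0 0`). The function name `audit_lines` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample modelled on the quoted config; audit_lines is a hypothetical helper.
SAMPLE_CONFIG = """\
aaa authentication login ruth none
aaa authentication login sarah tacacs+ local
line 33 41
 access-class 4 in
 login authentication ruth
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 login authentication sarah
 transport input ssh telnet
!
"""

def audit_lines(config):
    """Return sorted (line_stanza, finding) pairs for an IOS-style config."""
    aaa_lists, stanzas, current = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            aaa_lists[m.group(1)] = m.group(2).split()  # list name -> methods
        if raw.startswith("line "):
            current = text                  # a new "line ..." stanza begins
            stanzas[current] = []
        elif raw.startswith(" ") and current:
            stanzas[current].append(text)   # indented sub-command of the stanza
        else:
            current = None                  # "!" or a top-level command ends it
    findings = []
    for name, cmds in stanzas.items():
        for cmd in cmds:
            words = cmd.split()
            if cmd.startswith("transport input") and name.startswith("line vty"):
                if {"telnet", "all"} & set(words[2:]):
                    findings.append((name, "vty accepts telnet"))
            if cmd.startswith("login authentication "):
                if "none" in aaa_lists.get(words[-1], []):
                    findings.append((name, "login list %s uses method none" % words[-1]))
            if cmd == "exec-timeout 0 0":
                findings.append((name, "exec-timeout disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for stanza, finding in audit_lines(SAMPLE_CONFIG):
        print(stanza + ": " + finding)
```

The finding on `line 33 41` reflects the deliberate use of list `ruth` in the quoted configuration, where those lines also carry `access-class 4 in`; the parser relies on sub-commands being indented, as they are in a saved running configuration.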