Comments on: Advanced SSH settings for Cisco IOS http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/ Wed, 28 Mar 2012 14:15:37 +0000 hourly 1 http://wordpress.org/?v=3.1.3 By: MustafaAksu http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/comment-page-1/#comment-4774 MustafaAksu Mon, 05 Mar 2012 16:25:07 +0000 http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/#comment-4774 Hi Albert To prevent telnet access and allow only ssh,you have to have transport input ssh under line vty section. If you write this command while you do not have ssh enabled on the devices it will be rejected. So, you can still access to device via telnet. You can disable https access with no ip http secure-server and it does not affect ssh setup. Shared component is the key here. You need to create a key to use https , to use ssh , and disable telnet. Hi Albert
To prevent telnet access and allow only ssh,you have to have transport input ssh under line vty section. If you write this command while you do not have ssh enabled on the devices it will be rejected. So, you can still access to device via telnet. You can disable https access with no ip http secure-server and it does not affect ssh setup. Shared component is the key here. You need to create a key to use https , to use ssh , and disable telnet.

]]> By: @lbert http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/comment-page-1/#comment-4773 @lbert Mon, 05 Mar 2012 09:52:55 +0000 http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/#comment-4773 Good day! Guys i got the solution for this problem, i incidentally turn off my ip http secure-server that is why my ssh is turn off also. All my switches is now denying all the telnet connection. Good day! Guys i got the solution for this problem, i incidentally turn off my ip http secure-server that is why my ssh is turn off also. All my switches is now denying all the telnet connection.

]]> By: @lbert http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/comment-page-1/#comment-4772 @lbert Mon, 05 Mar 2012 08:50:49 +0000 http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/#comment-4772 I configured my cisco switch 2960 series to only allow SSH but unfortunately telnet still allowed.I already configured all my switches before but 1 thing i noticed when i use the command SHO RUN the only difference is my new switch config dont have this crypto like info. below, crypto pki trustpoint TP-self-signed- enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate- revocation-check none rsakeypair TP-self-signed- Anybody can help me about this issue?Thank you in advanced I configured my cisco switch 2960 series to only allow SSH but unfortunately telnet still allowed.I already configured all my switches before but 1 thing i noticed when i use the command SHO RUN the only difference is my new switch config dont have this crypto like info. below,
crypto pki trustpoint TP-self-signed-
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-
revocation-check none
rsakeypair TP-self-signed-

Anybody can help me about this issue?Thank you in advanced

]]> By: c3po http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/comment-page-1/#comment-268 c3po Thu, 21 May 2009 20:47:05 +0000 http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/#comment-268 how i can auto in via SSH i was try saving the public key on the client of putty and the ios of cisco and i cant enter, just in the same shh and calling the router via the ssh server, soo i want to find the way how to configure the ssh server for enter automatic. pz and sorry for my bad english. how i can auto in via SSH i was try saving the public key on the client of putty and the ios of cisco and i cant enter, just in the same shh and calling the router via the ssh server, soo i want to find the way how to configure the ssh server for enter automatic.

pz and sorry for my bad english.

]]> By: Anon http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/comment-page-1/#comment-186 Anon Tue, 09 Dec 2008 14:44:06 +0000 http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/#comment-186 A very important point to note is that if you change the hostname, devices connecting to your router won't see it as a valid certificate. The key DOES stay the same, and CAN be used, but connecting via a web browser will throw up a Certificate error This is because the key was generated - and married to - the original hostname. If you ignore this warning in your browser, it will still work, but you'll always have to click through the error. Cheers A very important point to note is that if you change the hostname, devices connecting to your router won’t see it as a valid certificate.

The key DOES stay the same, and CAN be used, but connecting via a web browser will throw up a Certificate error

This is because the key was generated – and married to – the original hostname. If you ignore this warning in your browser, it will still work, but you’ll always have to click through the error.

Cheers

]]> By: SSH @ Cisco | Cisco Network Experience http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/comment-page-1/#comment-23 SSH @ Cisco | Cisco Network Experience Sun, 25 Nov 2007 20:52:10 +0000 http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/#comment-23 [...] If you able to access your device with SSH but still have some other questions please have a look at Advanced SSH settings for Cisco IOS . [...] [...] If you able to access your device with SSH but still have some other questions please have a look at Advanced SSH settings for Cisco IOS . [...]

]]>