Solved

Cisco 831 vty ssh login

Posted on 2006-11-28
Last Modified: 2008-02-01
Hi,

Just trying to setup my vty 0 line to use ssh.

I have done the following:

Router#config terminal
Router(config)#hostname RouterOne
RouterOne(config)#ip domain-name mydomain.com
RouterOne(config)#crypto key generate rsa
The name for the keys will be: RouterOne
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
Generating RSA keys ...
[OK]
RouterOne(config)#ip ssh time-out 60
RouterOne(config)#ip ssh authentication-retries 2
RouterOne(config)#line vty 0 4
RouterOne(config-line)#transport input ssh
RouterOne(config-line)#^Z
RouterOne#


-----------------------------------------------

I have also set up usernames and passwords.

Now the problem I am having is connecting via SSH. I am using an application called SecureCRT and it has an option to connect via SSHv1. I cannot seem to get it to connect?

Question by:amerretz
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 18038805
It should work fine with SSHv1. I use SecureCRT without a problem, but check the SecureCRT session configuration and verify that it's using port 22, not port 23. It seems to get confused and tries SSH on port 23 if you don't fix it.
 

Author Comment

by:amerretz
ID: 18040421
When I try to telnet to my hostname it does not work. I have to telnet to the IP address. Do you think this would have an impact on the connection? Why do you think I can't telnet to or ping my router's hostname?

I have seen in tutorials that the hostname is used as opposed to the ip address and it works.

Thanks
 

Author Comment

by:amerretz
ID: 18040588
How do I find out the RSA key that the Cisco router generated? Do I need to enter this key into the SecureCRT properties?

Can you tell me what settings you are using? Does the hostname use NETBIOS or does a host record need to be created through DNS?

Thanks
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 250 total points
ID: 18041733
If you're using the host name, you have to have a DNS record for the host name. Remember that your PC needs to know who that host is. NETBIOS is not used at all. The router can be called anything. However, this has no bearing on your problem. You can ssh to the IP address as easily as the IP address.

When you try to connect to the router the first time, it should ask you if you want to accept the key. There is nothing you need to do manually with the key.

Again, make sure that your ssh session is using port 22, not port 23!

 
LVL 28

Expert Comment

by:mikebernhardt
ID: 18041749
Also make sure that, under the SSH authentication methods, RSA and password are checked.
 

Author Comment

by:amerretz
ID: 18041928
I had an ACL blocking vty 0...

Thanks for your help, it's working now.
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 18042027
Ahh, that would do it. I assumed that the config you posted was all there was for vty 0.
 

Author Comment

by:amerretz
ID: 18042100
Yeah, but I wasn't using CRT through a computer that only had console access. I am trying to harden the security on this router.

I have vty 1 4 disabled. Only allow vty 0 from 1 IP address. It would've helped if I was trying this all from that address... hehehehe, sorry.
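The cause found in this thread (an access-class on vty 0 that admits a single address, with vty 1 4 disabled) can be checked offline against a saved running-config before assuming the SSH client is at fault. The script below is an added example, not part of the original thread; the sample config, ACL number 10, the address 192.0.2.10, the use of `transport input none` to disable vty 1 4, and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed running-config excerpt (not from the thread). 192.0.2.10 is a
# documentation address standing in for the one permitted admin host.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
line vty 0
 access-class 10 in
 transport input ssh
line vty 1 4
 transport input none
"""

def acl_permits(config, acl, ip):
    """First-match evaluation of a numbered standard ACL; implicit deny at the end."""
    addr = int(ipaddress.IPv4Address(ip))
    for m in re.finditer(rf"^access-list {acl} (permit|deny) (.+)$", config, re.M):
        action = m.group(1)
        spec = [t for t in m.group(2).split() if t not in ("host", "log")]
        if spec[0] == "any":
            return action == "permit"
        net = int(ipaddress.IPv4Address(spec[0]))
        wild = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
        if (addr | wild) == (net | wild):  # wildcard bits are "don't care"
            return action == "permit"
    return False

def vty_ssh_access(config, ip):
    """Map each vty line number to 'ok' or the reason SSH from ip is refused."""
    result = {}
    # A "line vty" header followed by its indented sub-commands.
    for m in re.finditer(r"^line vty (\d+)(?: (\d+))?\n((?: .*\n?)*)", config, re.M):
        first, last, body = int(m.group(1)), int(m.group(2) or m.group(1)), m.group(3)
        transport = re.search(r"^ transport input (.+)$", body, re.M)
        # Assumption: a missing "transport input" line is treated as not blocking SSH.
        modes = transport.group(1).split() if transport else ["all"]
        acl = re.search(r"^ access-class (\d+) in", body, re.M)
        if not {"ssh", "all"} & set(modes):
            verdict = "ssh not in transport input"
        elif acl and not acl_permits(config, acl.group(1), ip):
            verdict = f"source denied by access-class {acl.group(1)}"
        else:
            verdict = "ok"
        result.update({n: verdict for n in range(first, last + 1)})
    return result

if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.99"):
        print(client, vty_ssh_access(SAMPLE_CONFIG, client))
```

Run against the config with the address of the workstation you are actually connecting from; a "source denied" verdict on vty 0 is the situation described in the last comments above.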
