Solved

cisco ssh help

Posted on 2012-04-10
19
508 Views
Last Modified: 2012-04-16
I'm not a router expert at all so bear with me. I have a Cisco 2811 and I have to turn off telnet, and connect only with ssh. I did the following only and now I cant access the router.

Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#transport input ssh
Router(config-line)#^Z
Router#exit

I try to connect using Putty and I get 'Network error connection refused'. I can access the router via the web interface if that will help.

Can I reenable telnet?? Or configure this thing from the web interface? Any help would be greatly appreciated.
0
Comment
Question by:cb_it
19 Comments
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
You are missing the login info I think, to enable ssh you need

login local

You will also need to configure a local user
0
 

Author Comment

by:cb_it
Comment Utility
What do I do now? How do I add 'login local'? Can I do this form the web interface?
0
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
I assume you did a wr mem and can't just reload to go back to original config?

I am not familiar with the web interface so not sure what commands are available
Have you the SDM on the router? If so you can use it to re-enable telnet

Once connected to SDM go to Additional Tasks
Router access
Input protocols allowed - set to telnet and ssh
0
 

Author Comment

by:cb_it
Comment Utility
I did NOT do a write memory. How would I reload to get back to original config - I am not an expert so baby steps for me.

I'm not using the SDM, I would always do basic config changes via telnet. Can I download/install the SDM?
0
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
Ok if you didn't do wr mem then the config isn't saved to the router yet
Just power off the router at the switch
It will reload with the original config and you will have telnet again
0
 

Author Comment

by:cb_it
Comment Utility
The thing is that this router is not local to me, it's at a remote location. I can access the router via the web interface - can I reload from there?
0
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
Can you post a screenshot of the web interface?
I am unfortunately not familiar with it, but yes there might be a command you can click/execute to reload
Or what can you see on the interface? Can you see any commands at all?
0
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
To download SDM see this link(better instructions than I can give you plus few videos to help) - http://www.howtonetwork.net/public/507.cfm

Here are the commands you need to get ssh working complete

Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#username <myusername> password <mypassword>
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#transport input ssh
Router(config-line)#^Z
Router#exit

Replace <myusername> with a created username
Same for <mypassword>

Think that is all you need...
0
 

Author Comment

by:cb_it
Comment Utility
Not so sure about the username and password. I already have a username to login with, and an enable password. My old boss disabled telnet on some of our routers and none of our passwords changed. I tried to reload from the web interface but it says

System configuration has been modified.
Save configuration and resubmit reload command.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:cb_it
Comment Utility
Well, I'm back in via telnet. I figured out the web interface.

I did

line vty 0 4
transport input telnet

and I can now telnet back in. Earlier I did transport input ssh and lost all contact. If anyone has detailed step by step to use ssh and disable telnet let me know! It's late in the day and I dont want to lose contact to this router!!
0
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
Here is a step by step - http://www.sadikhov.com/forum/index.php?/topic/168827-how-can-i-enable-ssh-disable-telnet-cisco-switch/

Since I can't see your current running config I can't tell if you have all the relevant commands, but see above link for help...
0
 

Author Comment

by:cb_it
Comment Utility
from the web interface I can see
Cisco IOS Software, 2800 Software (C2800NM-IPBASEK9-M), Version 12.4(15)T

I read that K9 means that router is ssh capable, not sure if that's true.

I'm lost.
0
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
Yes the router is ssh capable

Have you hostname set?
Have you domain-name set?

conf t
hostname <yourhostname>
ip domain name <your domain>
ip http secure-server

Once you have those commands entered plus what you originally had you should be good to go
0
 

Author Comment

by:cb_it
Comment Utility
This is not a new router so I already have hostname and domain name set. I searched the config and I have

ip http server
no ip http secure-server

so, should I just switch those and put
no ip http server (do I need a "no" here?)
ip http secure-server

I'll try this tomorrow, leaving now. Thanks so much for all the help!
0
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
Yes switch those, well actually you can leave the original http server it doesn't matter
But yes change no ip http secure-server to 'ip http secure-server' and hopefully you are good to go...
0
 

Author Comment

by:cb_it
Comment Utility
I'll try this tomorrow

Router(config)#ip http secure-server
Router(config)#line vty 0 4
Router(config-line)#transport input ssh
0
 
LVL 24

Expert Comment

by:smckeown777
Comment Utility
Oh and leave ip http server otherwise you'll disable your web interface!! Just remembered that one ;)
0
 
LVL 5

Expert Comment

by:andrew1812
Comment Utility
This config is for a Cisco switch. Buy you can use the same for setting up SSH on the router and connect with putty

http://www.slideshare.net/designnetworks/how-to-configure-ssh-on-cisco-switch
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 500 total points
Comment Utility
You are missing the crypto keys use the below;


1.      enable

2.      configure terminal

3.      hostname something

4.      ip domain-name something.com

5.      crypto key generate rsa

7.     ip ssh version  2
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

This article will step through configuring a SonicWALL appliance to utilize an internal DHCP server for Global VPN Client (GVC) hosts.  There are times when using an external (external to the SonicWALL) DHCP server, such as Windows Servers, isn’t pr…
This article is a how to to configure a UCS Ethernet-uplink portchannel via the console. It is easy to do and can be done quite quickly. In certain versions of the UCS manager the portchannel has issues coming up and this is a workaround. I am…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now