cb_it
asked on
cisco ssh help
I'm not a router expert at all so bear with me. I have a Cisco 2811 and I have to turn off telnet, and connect only with ssh. I did the following only and now I can't access the router.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#transport input ssh
Router(config-line)#^Z
Router#exit
I try to connect using Putty and I get 'Network error connection refused'. I can access the router via the web interface if that will help.
Can I reenable telnet?? Or configure this thing from the web interface? Any help would be greatly appreciated.
ASKER
What do I do now? How do I add 'login local'? Can I do this from the web interface?
I assume you did a wr mem and can't just reload to go back to original config?
I am not familiar with the web interface so not sure what commands are available
Have you the SDM on the router? If so you can use it to re-enable telnet
Once connected to SDM go to Additional Tasks
Router access
Input protocols allowed - set to telnet and ssh
ASKER
I did NOT do a write memory. How would I reload to get back to original config - I am not an expert so baby steps for me.
I'm not using the SDM, I would always do basic config changes via telnet. Can I download/install the SDM?
Ok if you didn't do wr mem then the config isn't saved to the router yet
Just power off the router at the switch
It will reload with the original config and you will have telnet again
ASKER
The thing is that this router is not local to me, it's at a remote location. I can access the router via the web interface - can I reload from there?
Can you post a screenshot of the web interface?
I am unfortunately not familiar with it, but yes there might be a command you can click/execute to reload
Or what can you see on the interface? Can you see any commands at all?
To download SDM see this link (better instructions than I can give you, plus a few videos to help) - http://www.howtonetwork.net/public/507.cfm
Here are the commands you need to get ssh working complete
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#username <myusername> password <mypassword>
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#transport input ssh
Router(config-line)#^Z
Router#exit
Replace <myusername> with a created username
Same for <mypassword>
Think that is all you need...
ASKER
Not so sure about the username and password. I already have a username to login with, and an enable password. My old boss disabled telnet on some of our routers and none of our passwords changed. I tried to reload from the web interface but it says
System configuration has been modified.
Save configuration and resubmit reload command.
ASKER
Well, I'm back in via telnet. I figured out the web interface.
I did
line vty 0 4
transport input telnet
and I can now telnet back in. Earlier I did transport input ssh and lost all contact. If anyone has detailed step by step to use ssh and disable telnet let me know! It's late in the day and I don't want to lose contact to this router!!
Here is a step by step - http://www.sadikhov.com/forum/index.php?/topic/168827-how-can-i-enable-ssh-disable-telnet-cisco-switch/
Since I can't see your current running config I can't tell if you have all the relevant commands, but see above link for help...
ASKER
from the web interface I can see
Cisco IOS Software, 2800 Software (C2800NM-IPBASEK9-M), Version 12.4(15)T
I read that K9 means that router is ssh capable, not sure if that's true.
I'm lost.
Yes the router is ssh capable
Have you hostname set?
Have you domain-name set?
conf t
hostname <yourhostname>
ip domain name <your domain>
ip http secure-server
Once you have those commands entered plus what you originally had you should be good to go
ASKER
This is not a new router so I already have hostname and domain name set. I searched the config and I have
ip http server
no ip http secure-server
so, should I just switch those and put
no ip http server (do I need a "no" here?)
ip http secure-server
I'll try this tomorrow, leaving now. Thanks so much for all the help!
Yes switch those, well actually you can leave the original http server it doesn't matter
But yes change no ip http secure-server to 'ip http secure-server' and hopefully you are good to go...
ASKER
I'll try this tomorrow
Router(config)#ip http secure-server
Router(config)#line vty 0 4
Router(config-line)#transport input ssh
Oh and leave ip http server otherwise you'll disable your web interface!! Just remembered that one ;)
This config is for a Cisco switch. But you can use the same for setting up SSH on the router and connect with putty.
http://www.slideshare.net/designnetworks/how-to-configure-ssh-on-cisco-switch
ASKER CERTIFIED SOLUTION
login local
You will also need to configure a local user
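
The lockout in this thread happened because the vty lines were restricted to SSH before the router's SSH server was usable. As an added example (not code from any poster in the thread), the Python check below reads saved `show running-config` and `show ip ssh` output and lists what still has to be fixed, with the IOS command for each. The sample text is constructed, and treating `show ip ssh` output without "SSH Enabled" as a missing RSA key pair is an assumption.

```python
import re

# Constructed `show running-config` excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
hostname branch-rtr1
ip domain name example.net
username admin privilege 15 secret 5 <hash-placeholder>
line vty 0 4
 password 7 <placeholder>
 login
 transport input telnet
line vty 5 15
 login local
 transport input telnet
"""
# Constructed `show ip ssh` first line for a router without an RSA key pair.
SAMPLE_SHOW_IP_SSH = "SSH Disabled - version 1.99"


def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks


def ssh_preflight(config, show_ip_ssh):
    """Return (problem, IOS fix) pairs to clear before 'transport input ssh'."""
    problems = []
    if not re.search(r"^hostname (?!Router$)\S+", config, re.M):
        problems.append(("default or missing hostname", "hostname <yourhostname>"))
    if not re.search(r"^ip domain[ -]name \S+", config, re.M):
        problems.append(("no domain name", "ip domain name <your domain>"))
    if "SSH Enabled" not in show_ip_ssh:
        problems.append(("SSH server has no RSA key pair", "crypto key generate rsa"))
    if not re.search(r"^aaa new-model", config, re.M):  # AAA replaces 'login local'
        if not re.search(r"^username \S+", config, re.M):
            problems.append(("no local user", "username <myusername> secret <mypassword>"))
        for header, cmds in vty_blocks(config).items():
            if "login local" not in cmds:
                problems.append((f"{header} lacks 'login local'", "login local"))
    return problems
```

On a remote router, scheduling `reload in 10` before the change and `reload cancel` after a successful SSH login gives a way back to the saved configuration if the unsaved change cuts off access.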