cisco ssh help

I'm not a router expert at all so bear with me. I have a Cisco 2811 and I have to turn off telnet, and connect only with ssh. I did the following only and now I cant access the router.

Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#transport input ssh
Router(config-line)#^Z
Router#exit

I try to connect using Putty and I get 'Network error connection refused'. I can access the router via the web interface if that will help.

Can I reenable telnet?? Or configure this thing from the web interface? Any help would be greatly appreciated.
cb_itAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

smckeown777Commented:
You are missing the login info I think, to enable ssh you need

login local

You will also need to configure a local user
cb_itAuthor Commented:
What do I do now? How do I add 'login local'? Can I do this form the web interface?
smckeown777Commented:
I assume you did a wr mem and can't just reload to go back to original config?

I am not familiar with the web interface so not sure what commands are available
Have you the SDM on the router? If so you can use it to re-enable telnet

Once connected to SDM go to Additional Tasks
Router access
Input protocols allowed - set to telnet and ssh
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

cb_itAuthor Commented:
I did NOT do a write memory. How would I reload to get back to original config - I am not an expert so baby steps for me.

I'm not using the SDM, I would always do basic config changes via telnet. Can I download/install the SDM?
smckeown777Commented:
Ok if you didn't do wr mem then the config isn't saved to the router yet
Just power off the router at the switch
It will reload with the original config and you will have telnet again
cb_itAuthor Commented:
The thing is that this router is not local to me, it's at a remote location. I can access the router via the web interface - can I reload from there?
smckeown777Commented:
Can you post a screenshot of the web interface?
I am unfortunately not familiar with it, but yes there might be a command you can click/execute to reload
Or what can you see on the interface? Can you see any commands at all?
smckeown777Commented:
To download SDM see this link(better instructions than I can give you plus few videos to help) - http://www.howtonetwork.net/public/507.cfm

Here are the commands you need to get ssh working complete

Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#username <myusername> password <mypassword>
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#transport input ssh
Router(config-line)#^Z
Router#exit

Replace <myusername> with a created username
Same for <mypassword>

Think that is all you need...
cb_itAuthor Commented:
Not so sure about the username and password. I already have a username to login with, and an enable password. My old boss disabled telnet on some of our routers and none of our passwords changed. I tried to reload from the web interface but it says

System configuration has been modified.
Save configuration and resubmit reload command.
cb_itAuthor Commented:
Well, I'm back in via telnet. I figured out the web interface.

I did

line vty 0 4
transport input telnet

and I can now telnet back in. Earlier I did transport input ssh and lost all contact. If anyone has detailed step by step to use ssh and disable telnet let me know! It's late in the day and I dont want to lose contact to this router!!
smckeown777Commented:
Here is a step by step - http://www.sadikhov.com/forum/index.php?/topic/168827-how-can-i-enable-ssh-disable-telnet-cisco-switch/

Since I can't see your current running config I can't tell if you have all the relevant commands, but see above link for help...
cb_itAuthor Commented:
from the web interface I can see
Cisco IOS Software, 2800 Software (C2800NM-IPBASEK9-M), Version 12.4(15)T

I read that K9 means that router is ssh capable, not sure if that's true.

I'm lost.
smckeown777Commented:
Yes the router is ssh capable

Have you hostname set?
Have you domain-name set?

conf t
hostname <yourhostname>
ip domain name <your domain>
ip http secure-server

Once you have those commands entered plus what you originally had you should be good to go
cb_itAuthor Commented:
This is not a new router so I already have hostname and domain name set. I searched the config and I have

ip http server
no ip http secure-server

so, should I just switch those and put
no ip http server (do I need a "no" here?)
ip http secure-server

I'll try this tomorrow, leaving now. Thanks so much for all the help!
smckeown777Commented:
Yes switch those, well actually you can leave the original http server it doesn't matter
But yes change no ip http secure-server to 'ip http secure-server' and hopefully you are good to go...
cb_itAuthor Commented:
I'll try this tomorrow

Router(config)#ip http secure-server
Router(config)#line vty 0 4
Router(config-line)#transport input ssh
smckeown777Commented:
Oh and leave ip http server otherwise you'll disable your web interface!! Just remembered that one ;)
andrew1812Commented:
This config is for a Cisco switch. Buy you can use the same for setting up SSH on the router and connect with putty

http://www.slideshare.net/designnetworks/how-to-configure-ssh-on-cisco-switch
lruiz52Commented:
You are missing the crypto keys use the below;


1.      enable

2.      configure terminal

3.      hostname something

4.      ip domain-name something.com

5.      crypto key generate rsa

7.     ip ssh version  2

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.