sujet Re: Enable ssh on cisco nexus 5k Switch for a public ip addresses dans Discussions de Data Center

Enable ssh on cisco nexus 5k Switch for a public ip addresses

starsulaiman — Thu, 14 Dec 2023 12:20:26 GMT

Hello All,

I have been asked to enable ssh on cisco nexus 5k for a specific public ip addresses.

I have never done that before can someone provides me the configurations, please.

I have below configs, and will this be correct?

crypto key generate rsa usage-keys label ssh-key modulus 2048
!
feature ssh
!
interface g0
ip address 1.1.1.1 255.255.255.22
!
ssh version 2
ssh key rsa ssh-key
!
line ssh
exec-timeout 5 0
login local
!
username admin privilege 15 secret Admin123
enable secret Admin123
!
line vty 0 15
transport input ssh
!
write memory
!
show ssh
!
show ssh sessions
!

do i need to create ACL for it? if yes which interface should be applied?

can i have an example please?

many thank you

Re: Enable ssh on cisco nexus 5k Switch for a public ip addresses

balaji.bandi — Thu, 14 Dec 2023 12:47:15 GMT

If you looking external IP address to access this device for SSH - make sure the Public IP able to reach the device IP (that is 1.1.1.1 - i am sure this is example IP not original one i guess ?)

below example for SSH to device :

ip access-list extended SSH_ACL

permit ip any host x.x.x.x ( x.x.x.x is the Public IP address)

permit ip any x.x.x.x/24 (your network LAN)

line vty 0 15

access-class SSH_ACL in

transport input ssh

above config should work, make sure you also allow Internal Subnet (if not you only able to login using public IP)

Re: Enable ssh on cisco nexus 5k Switch for a public ip addresses

starsulaiman — Thu, 14 Dec 2023 12:54:52 GMT

Hello Balaji,

thank you for the quick response.

a question please? dose below is my user lan network or my switch mgmt subnet network please

permit ip any x.x.x.x/24 (your network LAN)

Re: Enable ssh on cisco nexus 5k Switch for a public ip addresses

balaji.bandi — Thu, 14 Dec 2023 15:23:04 GMT

You Lan IP address from that range of subnet you looking to access switch using SSH.

permit ip x.x.x.x/24 any

Re: Enable ssh on cisco nexus 5k Switch for a public ip addresses

M02@rt37 — Thu, 14 Dec 2023 13:31:15 GMT

Hello @starsulaiman,

You have to enable SSH on a Cisco Nexus 5000 Series switch and you should restrict access to specific public IP addresses.

# Restrict SSH to specific IP addresses using an ACL
ip access-list ssh-acl
10 permit ip x.x.x.x./yy any
20 permit ip x.x.x.x./yy any
30 deny ip any any

# Apply the ACL to the VTY lines
line vty 0 15

-------

I added an example ACL to restrict SSH access to specific IP (source) addresses. Adjust the ACL entries based on your requirements. Apply this ACL to the VTY lines to restrict SSH access based on the ACL.

Re: Enable ssh on cisco nexus 5k Switch for a public ip addresses

MHM Cisco World — Thu, 14 Dec 2023 15:47:56 GMT

1-dont use extended use standard acl

2- the standard acl IP is the IP form which you can access

3- you need

Password xxxx

To make vty accept ssh

MHM