Showing results for 
Search instead for 
Did you mean: 
Robert Thomas
Rising star
Rising star




    Cisco IP Phones have a built-in SSH server which enables the administrator to login and enable specific debugs.  For most troubleshooting, the default level of phone debugs are sufficient however there may be some cases where working with Cisco TAC or Engineering it may be necessary to enable further phone debugs.  Once enabled these debugs are printed in the phone console logs.  This other document explains how to gather the phone console logs.


    Setting the SSH Login Credentials


    Login to the phone webpage ( CM Administration -> Phone ) and then scroll to the protocol specific configuration section. Under the Secure Shell information fill in a Username and Password:


    ScreenHunter_01 Oct. 26 08.54.gif

    For this example we used cisco cisco as the username and password combination.


    Logging into the phone

    Login to the phone via SSH. Use the username and password configure on the previous step.


    Once logged in you will get a second prompt:




    Use a built in account of default and a password of user


         ssh cisco@

         cisco@'s password: cisco

         login: default



    ScreenHunter_02 Oct. 26 09.01.gif


    Update --------


    Based on the BugID CSCtr08892, the Default port for SSH (22) is been disabled on the firmware version SCCP41-9.2.1. This port can be enable on CUCM 8.6.1 or above. If not, a downgrade of the firmware or upgrade of the CUCM server is mandatory (so far).


    Hi Everyone,

    In my environment, i just have Call Manager Esxpress (CME) version 8.4, how can I enable ssh to ip phone 7960G (SCCP) since i don't have CUCM to configure username and password for ssh?

    Please advise.


    Ovindo Prastyo Utomo


    Just to mention that at least in the more recent SCCP firmware on the 7962 phones, the correct built-in account is debug/debug. 

    You can then enable the necessary debugs and run a "show strace" to get the console logs within the terminal session.

    neil wooloff

    I do not see in this guide or other comments, how to actually set the debug level nor how to check what it currently is

    without that important information this guide is kinda redundant, especially as different model and firmware seem to have different secondary login credentials be known.

    for refernece i was pointed to this from here;

    so if cisco are telling us to follow a guide, that guide should be accurate and up to date and relevant.


    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: