01-10-2013 03:51 AM - last edited on 03-09-2022 11:25 PM by smallbusiness
Hello Community,
Do you know if there is a command (on telephony-services, or not) that disables SSH access on Cisco phones (for example 7945 SCCP), similar to what occurs on the Cisco Unified Communications Manager (server)?
Many thanks in advance,
George S.
01-10-2013 04:32 AM
Hi George,
Firmware 9.2.1 and higher has SSH disabled by default. If you want to check whether it's enabled or not, look for the following commands which would mean it's enabled:
config t
telephony-service
service phone sshAccess 0
ssh userid cisco password cisco
create cnf
exit
ephone 1
ssh userid cisco password cisco
reset
HTH. Please rate if helpful.
Regards,
Harmit.
01-10-2013 04:49 AM
Hello Harmit,
What I really need is to restrict telnet on Cisco Phones on tcp port 22.
telnet 10.20.XX.XX 22
Trying 10.20.XX.XX, 22 ... Open
SSH-2.0-1.00
By issuing the commands above, the access is still allowed. I will try upgrading the firmware and keep you posted.
Thanks for your response.
George S.
01-10-2013 05:51 AM
Is there a way to restrict the SSH access, without upgrading to Firmware 9.2.1?
01-10-2013 08:47 AM
Hi George,
AFAIK, if you don't have those commands configured under telephony service, the phone config files would not get updated to allow SSH access. Having said that, I would advise trying to upgrade the firmware to 9.2.1 or greater and check then.
Regards,
Harmit.
01-14-2013 07:50 AM
Hello Harmit,
I do not have those commands in my telephony service. However, I can still ssh to my CME phones. I am using 9.0 firmware and some other older ones.
I just disabled ssh access to all my CUCM phones via the GUI by altering the common device profile. How do I do the same with CME phones without upgrading firmware? There has to be a command even if you have to do it on every ephone you would think...right?
Thanks,
Sanjay
01-14-2013 08:54 AM
Hi Sanjay
This is not a direct answer to your question, but I had a similar problem enabling config access to a 7925 which wasn't covered in Cisco's documentation.
What I did to resolve this was look at the config file generated by CUCM (I retrieved it via TFTP) and looked at the relevant parameter in the config.
Looking at the config file, it is called "sshAccess".
This turned SSH on in CUCM.
In CUCME, you could try something like:
telephony-service
service phone sshAccess 1
no create cnf
create cnf
Then restart the phone. Note that this will (if it works) disable SSH for all phones. You can also configure "service phone" under an ephone-template and apply it to one or more phones that way.
I haven't got a CUCME to test with, but hopefully this will work.
HTH
Barry Hesk
Intrinsic Network Solutions
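An added example (not part of any post in this thread) that combines the two checks discussed above: reading "sshAccess" from a phone config file retrieved via TFTP, and confirming what the phone actually does on TCP port 22. It assumes sshAccess appears as an XML element in the config file and that 0 means enabled and 1 means disabled, as the posts imply; the sample XML and the function names are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample of a phone config file; real files carry many more elements.
SAMPLE_CNF = """<device>
  <devicePool><name>Default</name></devicePool>
  <vendorConfig>
    <sshAccess>0</sshAccess>
  </vendorConfig>
</device>"""

def ssh_access_state(cnf_xml):
    """Return 'enabled', 'disabled' or 'unset' for the sshAccess parameter."""
    node = ET.fromstring(cnf_xml).find(".//sshAccess")
    if node is None or not (node.text or "").strip():
        return "unset"  # parameter absent: the firmware default applies
    value = node.text.strip()
    if value == "0":
        return "enabled"   # assumption from the thread: 0 = SSH on
    if value == "1":
        return "disabled"  # assumption from the thread: 1 = SSH off
    raise ValueError(f"unexpected sshAccess value: {value!r}")

def ssh_banner(host, port=22, timeout=3.0):
    """Return the SSH banner the host presents, or None if nothing answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(255)
    except OSError:  # refused, unreachable or timed out
        return None
    banner = data.decode("ascii", "replace").strip()
    return banner if banner.startswith("SSH-") else None

def audit(cnf_xml, host, port=22):
    """Compare the configured state with what the phone really exposes."""
    state = ssh_access_state(cnf_xml)
    banner = ssh_banner(host, port)
    # A banner with anything other than 'enabled' in the config is the
    # situation reported in this thread: SSH reachable despite the config.
    mismatch = banner is not None and state != "enabled"
    return {"config": state, "banner": banner, "mismatch": mismatch}

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; use a phone you administer.
    print(audit(SAMPLE_CNF, "192.0.2.10"))
```

A result with "mismatch" set to True means the phone still answers on port 22 even though its config file does not enable SSH, so the setting has not taken effect on that firmware.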
01-14-2013 08:58 AM
Thanks Barry, I will try that.
01-14-2013 09:01 AM
It is of course possible that the handset needs to be running 9.2(1) firmware for it to recognise the parameter of course... but worth a try...
Barry Hesk
Intrinsic Network Solutions